New Training: Authentication and Authorization Design Concepts
In this 6-video skill, CBT Nuggets trainer Keith Barker provides an overview of authentication and authorization design concepts and strategies. Watch this new Cyber Security training.
Learn security with one of these courses:
CompTIA Security+ (SY0-601)
This training includes:
44 minutes of training
You’ll learn these topics in this skill:
Intro to Authentication and Authorization Concepts
Multifactor Authentication (MFA)
Is Multi-factor Authentication as Secure As You Think?
While multi-factor authentication (MFA) is the standard minimum for account security, is it truly as secure as you might think?
The goal of MFA is to undeniably prove the identity of a person while minimizing the impacts of things like data breaches or password attacks. MFA works by requiring a person to use both 'something they know' and 'something they have' to prove their identity. The idea is that this additional piece of information makes it more difficult for hackers to break into an account.
Typically, authentication requires a user-created password as well as a randomly generated number, though it's important to note that the second piece of authentication can be a physical object like a secure USB key.
Not all MFA methods are secure. Some MFA methods use SMS as a second factor, and SMS is highly susceptible to social engineering attacks like SIM jacking. Likewise, MFA protocols like OTP (one-time passwords) can be broken by prediction attacks.
Multi-factor authentication is more of a design concept than a strict standard, but there are proven models that work. Deciding which MFA model you should use is a balancing act between convenience and security.