By Ryan Squires Posted August 14, 2018
With data breaches taking up headlines from Wired to the New York Times, it is now more important than ever to secure user identities. It is estimated that breaches will cost companies $2.1 trillion in 2019. That’s enough money to buy Apple—twice. Because compromised identities contribute to the majority of data breaches, password requirements are becoming increasingly complex and many organizations are implementing multi-factor authentication to help bolster security. So what is MFA and how does it help with security? Let’s explore the definition of multi-factor authentication.
What is MFA?
Multi-factor authentication is a pretty self-explanatory term at its core, but gets more interesting in practice. In general, MFA requires users to provide multiple forms of authentication in order to gain access to IT resources. Typically, MFA involves something you know, like a username and password, and something you have, like a token generated by an app such as Google Authenticator. It is possible to receive tokens via SMS instead of an authenticator app; however, it is not recommended. Take it from Reddit, who recently found out the hard way that SMS-intercept is a real threat and can have major consequences.
Multi-Factor Authentication Code Generators
The codes generated by apps like Google Authenticator™ and Duo Mobile® increase security by linking to accounts and randomly generating time-based one-time password (TOTP) codes every 30 to 60 seconds. This process helps to ensure that even if somebody shoulder surfed your credentials on the bus — MFA code and all — there is some security in knowing that the MFA code will change within the next 30 seconds or so. (Side note: make sure to obscure sensitive credentials any time you’re in public.) Similarly, while weak passwords may not be all that difficult for a hacker to compromise, it is much harder to guess an MFA code that changes every 30 seconds. Also, a hacker would not only need your password, but would also need your smartphone with the authenticator app to log in to an account. Obtaining your phone, cracking the screen lock PIN, and getting the MFA code on top of figuring out your system password is a difficult—if not a virtually impossible—scenario for any hacker to overcome. So, that’s why MFA can significantly bolster security within your organization.
Past and Present
Because the acceptance of MFA is relatively new, however, not all IT resources feature it. This includes the legacy directory service, Microsoft® Active Directory®, which generally requires you to purchase yet another IAM solution with MFA in order to include it with your core directory services. Fortunately, for those who wish to up their IT security, JumpCloud® Directory-as-a-Service® provides MFA at the system and application level as a core feature rather than requiring a third-party add-on solution.
MFA can be enabled for JumpCloud User Portal access as well as the JumpCloud Admin Console. Enabling this feature and utilizing a TOTP generator adds zero costs but could end up saving vast sums of money and stress in the long run. The benefit of enabling MFA for the JumpCloud user portal is a boost in security when apps are accessed through the user portal. Enabling MFA on the JumpCloud admin console results in a tightly-controlled environment where critical changes can’t be made without the admin’s password and MFA code.
At the system level, MFA for Mac ensures that losing a MacBook is not the stress-inducing nightmare it was in the past. Even if the person who found or stole the system were able to crack the password, they’d need an MFA code to access it. Assuming the smartphone associated with that system is protected by a screen lock PIN and remote wipe, getting into that phone—and therefore the laptop—would be extremely difficult.
With regard to servers, the JumpCloud Directory-as-a-Service can enable MFA on critical Linux servers as well. These cloud servers are often hosted by AWS®, Google Compute Platform™, or Microsoft® Azure® and as a result are accessed remotely. MFA can safeguard valuable business operations by requiring users to enter the MFA code at the Linux server login prompt. MFA makes it much harder for hackers to obtain access to valuable infrastructure at the system and server levels.
Learn More About JumpCloud and MFA
If you’re still curious about the definition of multi-factor authentication, feel free to give us a call or drop a note. Check out our YouTube channel for information on best practices, tutorials, and whiteboard videos to enable MFA on your free JumpCloud Directory-as-a-Service account. The first 10 users are free, and they will be forever. No credit card required.