TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    You don’t need a crowd for a communal moment

    July 2, 2022

    You can now play the “all your base are belong to us” game on your Switch

    July 2, 2022

    Crypto hedge fund Three Arrows files for bankruptcy

    July 2, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      You can now play the “all your base are belong to us” game on your Switch

      July 2, 2022

      There’s a better way to bypass Windows 11 install restrictions

      July 2, 2022

      What is the best controller for Xbox consoles?

      July 1, 2022

      The GPU shortage is over

      July 1, 2022

      Google will start auto-deleting abortion clinic visits from user location history

      July 1, 2022
    • Business
    • Cyber Security

      Tips to bolster cybersecurity, incident response this 4th of July weekend

      July 1, 2022

      Jon Raper named CISO at Costco

      July 1, 2022

      2022 RSAC takeaways: Risk management vs compliance

      July 1, 2022

      3 security lessons we haven’t learned from the Kaseya breach

      July 1, 2022

      Auston Davis named CISO at Versant Health

      June 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Why Not Always Multi-Factor Authentication?
    Cyber Security

    Why Not Always Multi-Factor Authentication?

    February 26, 2019Updated:February 26, 2019No Comments5 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    According to a survey of 2,600 IT professionals conducted by security awareness training firm KnowBe4, only 38 percent of large companies use multi-factor authentication (MFA) while a whopping 62 percent of small to midsize companies don’t. MFA, which requires more than one method of authentication to verify identity, may not be the sexiest thing around, but with it in place, organizations can make it that much harder for attackers to accomplish their goals. So, why isn’t it more ubiquitous?

    Perhaps the issue stems from the fact that some people tend to choose the path of least resistance. Or perhaps it stems from a belief that MFA isn’t the fastest, easiest, and most convenient solution to implement and use. While it’s true that there’s no turnkey MFA solution to fit every organization, it’s not necessarily true that it should be viewed as yet another difficult security control that needs to be folded into existing security stacks. 

    Every organization is different — from the technology and security controls they have in place to the in-house skillsets they possess — and therefore, the time, effort, and cost required to implement MFA will vary. What’s important is to consider the various environments (e.g., on-premises, cloud, hybrid), determine which applications need MFA, and then find the best solution fit to align with existing policies, controls, and security objectives. 

    More Is More

    It’s also important for IT security teams to understand the slight, but potentially significant difference between MFA and two-factor (2FA) authentication. 

    A subset of MFA, 2FA requires users to provide a username/password combo and to verify their identity via something they physically possess (e.g. a smartphone). Today, the majority of 2FA solutions work by sending a unique, one-time code to a user’s mobile phone, which has already been confirmed and paired to the user’s account. Popular solutions, for example, are Google Authenticator and Authy, which generate two-step verification codes on mobile phones, and Duo Mobile, which verifies a user’s identity with push-based notifications and helps protect against phishing and other identity-based attacks.  

    But why stop at two factors? The convenience and relative time savings of 2FA may be better than nothing, but are they worth the risk? Especially considering that most, if not all breaches today involve an adversary compromising user credentials and using them to gain access to an organization’s network and sensitive assets. 

    Among several large-scale examples of 2FA failing is the recent Reddit one. Back in June, Reddit found that an attacker had compromised several employee accounts through its cloud and source-code hosting providers. At the time, the company had been using basic SMS-based 2FA authentication, whereby users were sent a token via text message that they then entered into the application they were authenticating to. This form of 2FA is simple, cheap, and user-friendly, which is why it’s so widely used; however, the downside is that it’s also extremely vulnerable to SMS intercepts, which was the main attack vector used in the Reddit breach. 

    Other Factors to Consider

    A device-recognition product can help alleviate some of the inherent vulnerabilities of basic 2FA. These solutions work by registering a user ID to an authentication server. The server and client then use the user ID to generate a new token after a specific time frame. When a user attempts to log into an application, the server checks to see if the generated values match; and if they do, the user is granted access. 

    While extra factors may not cater to those looking for maximum speed and convenience, it’s hard to argue against the easy to use, but harder to defeat combo, especially compared to the greater hassle and potential damage of a breach.

    Erin O’Malley is an incident response delivery support manager at Accenture Security, FusionX, Cyber Investigation and Forensics Response (CIFR), where she teams with incident responders and threat hunters to document and catalog incident report findings and highlight the value of taking an adversary-based approach to minimize the risk, exposure, and damage of cybersecurity incidents. Prior to joining Accenture, Erin was a security solutions marketing manager at Gigamon. Other past roles have included product marketing for virtualization and cloud security solutions at Juniper Networks and customer marketing at VMware. She has written and edited for GE Digital, WSGR, Business Objects, and the TDA Group, and holds a B.A. in French from Penn State University and an M.A. in French from Middlebury College. The opinions and statements in this column are solely those of the individual author, and do not constitute professional or legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. No representations or warranties are provided, and the reader is responsible for determining whether or not to follow any of the suggestions or recommendations, entirely at their own discretion.

    Previous Columns by Erin O’Malley:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Tips to bolster cybersecurity, incident response this 4th of July weekend

    July 1, 2022 Cyber Security

    Jon Raper named CISO at Costco

    July 1, 2022 Cyber Security

    2022 RSAC takeaways: Risk management vs compliance

    July 1, 2022 Cyber Security

    3 security lessons we haven’t learned from the Kaseya breach

    July 1, 2022 Cyber Security

    Auston Davis named CISO at Versant Health

    June 30, 2022 Cyber Security

    Lessons learned from slew of recent data breaches

    June 30, 2022 Cyber Security
    Editors Picks

    You can now play the “all your base are belong to us” game on your Switch

    July 2, 2022

    Crypto hedge fund Three Arrows files for bankruptcy

    July 2, 2022

    There’s a better way to bypass Windows 11 install restrictions

    July 2, 2022

    Biden administration floats new oil leasing plan in Gulf of Mexico

    July 1, 2022
    Trending Now

    Ryanair chief warns fares will rise for 5 years because flying is ‘too cheap’

    By techbizweb

    The government’s going after alleged crypto scammers as market crashes

    By techbizweb

    Mexico presses ahead with multibillion-dollar bet on fossil fuels

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.