What if you come back to your computer in other insufficient hands while you were aware when your phone suddenly tingles with the notification chime saying there is an attempt to login to your precious social media profile or even important cloud admin panels? Well, that was a saviour, wasn’t it? All thanks to Two Factor Authentication also known as Multi Factor Authentication or if these are a mouthful, simply MFA.
Two Factor authentication brings an extra edge of login security for major applications ranging from Facebook, Twitter and Instagram, to GMail, AWS Dashboard, Superset and many more. Wait, it is not always about the SMS Authentication MFA or 2FA can be a deliverable temporary authentication to any device in your closest possession, a second email, a code generator linked with the application, via calls and other methods such as physical hardware as well.
Is it Important?
Maintaining authentication apps, receiving and typing in codes manually filling in captcha requests by stressing your eyes on small letters can be a nuisance to thought but surely an amazing frontline to defend against the horrors of modern world breaches.
Taking into consideration the massive scale breaches recorded not in history but in the recent past with millions and billions of user credentials out in the wild being swapped from one hand to another as we speak. The attacked and compromised accounts thereby being logged into to make better escalations into personal profiles are curbed by our heroes for the day.
By guessing the short predictable password or running scripts against fields to guess passwords, a large-scale data breach is most susceptible to using one such method to lure your account into their control. Or maybe try to lure you into their traps with Phishing websites, Spear Phishing or checking for redundant passwords that you might have used for multiple platforms, sounds ridiculous? Who would do that in their right minds? Well, more than 44% of the population is the answer.
Well, too good that the small ting on your mobile phone for an attempt to login made you change your password and log out of all other devices in time.
Is this magic?
Different MFA methods can use different approaches to checking for such authenticating methods but general rules include the presence of an authentication server responsible for sending and the verification of such codes provided the username and passwords match from the user databases.
In the fast paced world a dynamic approach to maintain security on the aspects of web and application security built to maintain a snug fit to the requirement for the loose relying on just passwords is the way forwards. Sometimes, a little hold back on time is a good thing.
