Authentication refers to the act of confirming the identity of the person who is attempting to log in and obtain access to your WordPress installation, just as when you log in to your WordPress website with a username and password. Multi-factor authentication stems from the idea that one password alone is not enough to secure access to any environment.
Multi-factor authentication is also called strong authentication and, when in use, it requires more than one user-authentication method. WordPress, by default, requires only one: a username with password. Multi-factor authentication adds layers of authentication measures for extra security for user logins.
Why is multi-factor authentication needed?
As organizations digitize operations and take on greater liability for storing customer data, the risks and need for security increase. Because attackers have long exploited user login data to gain entry to critical systems, verifying user identity has become essential.
Authentication based on usernames and passwords alone is unreliable and unwieldy, since users may have trouble storing, remembering, and managing them across multiple accounts, and many reuse passwords across services and create passwords that lack complexity. Passwords also offer weak security because of the ease of acquiring them through hacking, phishing, and malware.
What are examples of multi-factor authentication?
The most common example of MFA is the process for using an ATM at a bank. To gain access to their accounts, users must insert a bank card (a physical factor) and enter a PIN (a knowledge factor).
Another familiar example is the time-based one-time password (TOTP) method, used by financial institutions and other large enterprises to secure workflows, applications, and accounts. Upon requesting login, users are asked to provide a temporary passcode that has been sent via a text message, phone call, or email.
How does multi-factor authentication work?
MFA requires means of verification that unauthorized users won't have. Since passwords are insufficient for verifying identity, MFA requires multiple pieces of evidence to verify identity. The most common variant of MFA is two-factor authentication (2FA). The theory is that even if threat actors can impersonate a user with one piece of evidence, they won't be able to provide two or more.
Proper multi-factor authentication uses factors from at least two different categories. Using two from the same category does not fulfill the objective of MFA. Despite wide use of the password/security question combination, both factors are from the knowledge category and don't qualify as MFA. A password and a temporary passcode qualify because the passcode is a possession factor, verifying ownership of a specific email account or mobile device.
Is multi-factor authentication complicated to use?
Multi-factor authentication introduces an extra step or two during the login process, but it is not complicated. The security industry is creating solutions to streamline the MFA process, and authentication technology is becoming more intuitive as it evolves.
For example, biometric factors like fingerprints and face scans offer fast, reliable logins. New technologies that leverage mobile device features like GPS, cameras, and microphones as authentication factors promise to further improve the identity verification process. Simple methods like push notifications require only a single tap on a user's smartphone or smartwatch to verify their identity.
How do organizations start using MFA?
Many operating systems, service providers, and account-based platforms have incorporated MFA into their security settings. For single users or small businesses, using MFA is as simple as going to settings for operating systems, web platforms, and service providers and enabling the features. Larger organizations with their own network portals and complex user-management challenges may need to use an authentication app like Duo, which adds an extra authentication step during login.
How do I get MFA?
Call Abadata! We'd love to help! 989 883 3411