Requiring multi-factor authentication decreases the likelihood of hackers stealing data remotely. Explore why enterprises should enable MFA for their end users and why service providers should encourage their customers to do so as well.
Article Security April 22, 2019

What is Multi-Factor Authentication (MFA)?

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication, or MFA, is the requirement that users bring something tangible with them, in addition to knowing a password, when trying to login. The security concept is called “Bring Something, Know Something.” Futuristic examples include retina scanning or even DNA blood sampling, but there are more practical ways to perform MFA.

 

MFA is an important security tool because logins and passwords are easily found on the dark web.

 

The physical device requirement could be as simple as a pre-authorized mobile phone that can receive a text. It could be a smartphone or smartwatch running a synchronized app. Multi-factor authentication solutions can be achieved by a proprietary keychain-size device that generates a unique token or a USB key that needs to be inserted into the computer a user wishes to login to. Insistence on requiring such a physical device, in addition to entering a password, decreases the likelihood that a hacker could log in remotely equipped only with the correct username and password.

 

Why is MFA important?

MFA is an important security tool because logins and passwords are easily found on the dark web. Additionally, computing power has accelerated to the point where “brute force” techniques have become practical, enabling hackers to use a computer to programmatically guess passwords. In situations when MFA is required, simply knowing the password is almost useless without having access to the associated physical device.

Similarly, MFA is not a substitute for complex passwords. A smart combination would be MFA plus passwords that are longer, more complex, harder-to-guess and are unique to each login platform. Any breach would be isolated and the damage could be mitigated.

 

MFA for Enterprises and Managed Cloud Services Providers (MSPs)

MFA is not unique to Amazon Web Services (AWS) or any of the other cloud vendors. Microsoft Azure, Google Cloud, other public clouds, and even on-premise data centers can all benefit from multi-factor authentication. Cloud administrators must know their role and do their part in the Shared Responsibility Model: The cloud vendors are responsible for the security of the cloud and the customer is responsible for security in the cloud. That applies to passwords in general and MFA in particular, as Identity and Access Management (IAM) falls within the domain of the customer.

 

Conclusion

The value of MFA is clear. Enterprises should enable MFA for their end users and service providers should encourage their clients to do so as well. With the public cloud’s Shared Responsibility Model, it is incumbent upon each organization, and ultimately each individual, to do their part to secure their resources. A user’s identity is perhaps the most important—and weakest—link in the security chain. Multi-factor authentication can reinforce that link.

 

Next Steps

Add unified secure configuration, activity monitoring and regulatory compliance to your cloud infrastructure with cloud management by CloudCheckr. CloudCheckr makes tracking IAM and permissions simple by centralizing control and applying best practices. Get started today with a live demo or free, 14-day trial.

Todd Bernhard
Todd Bernhard is a Product Marketing Manager at CloudCheckr and AWS Solutions Architect Associate and AWS Certified Cloud Practitioner. He has been administering, teaching and developing on Unix systems since 1984 including 16 years at Sun Microsystems, now part of Oracle. In 2010, Todd founded the award-winning app development firm NoTie.com. This photo is the last known image of him wearing a tie!
Subscribe to our Blog
Sign up now to get more great content.

Related Resources

TRY CLOUDCHECKR FREE FOR 14 DAYS!
Learn how CloudCheckr can help you optimize and automate your cloud.
WANT TO SEE CLOUDCHECKR IN ACTION?