Due to the overwhelming response and engagement on my recent LinkedIn article about MFA, I’ve decided to reprise it here for completeness.
As online threats continue to evolve, it’s more important than ever to protect your accounts with multi-factor authentication (MFA). But not all methods are the same.
Traditional MFA methods like SMS codes are no longer secure enough to prevent sophisticated attacks. Even advanced MFA methods like push notifications have their own drawbacks. So, what’s the best way to defend yourself against online threats? According to the National Cyber Security Centre (NCSC), using Fido2 keys has been shown to be a secure and convenient MFA option. Nice to know that they share my view 😊
Why MFA is necessary: In today’s digital world, passwords alone are not enough to secure online accounts. With data breaches and hacking attempts on the rise, it’s essential to add an extra layer of protection to your accounts. MFA does just that by requiring users to provide multiple forms of authentication to access their accounts. By combining something you know (like a password) with something you have (like a physical key or token) or something you are (like a footprint), MFA makes it much harder for attackers to gain access to your accounts.
Traditional MFA methods such as SMS codes are no longer secure. While SMS-based MFA has been a popular choice in the past, it’s no longer considered a secure option. The U.S. National Institute of Standards and Technology (NIST) removed SMS-based MFA from its list of recommended authentication methods in 2021 due to its vulnerabilities. According to cybersecurity expert Brian Krebs, “SMS-based 2FA [two-factor authentication] is not only less secure than other forms of 2FA, it’s not really 2FA at all.”
Even advanced MFA methods such as push notifications have problems. Push-based MFA has become more popular in recent years, but it still has its own limitations. According to the European Union Agency for Cybersecurity (ENISA), push-based MFA can be vulnerable to man-in-the-middle attacks (an attacker intercepts communications between two parties), MFA bombing (attackers repeatedly push second-factor authentication requests to the target victim for them to approve it) and may not provide sufficient protection against social engineering tactics. ENISA recommends that users consider using hardware tokens or biometric authentication instead.
So back to Fido 2, why is it more secure? Fido2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, password theft and replay attacks. According to the World Economic Forum, FIDO-based authentication solutions are more providing greater protection against phishing and man-in-the-middle attacks (nice to know that they also share my view 😊). Google use it and has reported that it has not had a single confirmed account takeover since it started requiring its employees to use Fido2 keys in 2017.
In conclusion, the importance of using strong MFA to protect your online accounts cannot be overstated. Traditional MFA methods like SMS codes are no longer secure, and even advanced methods like push notifications have their own limitations. Use the strongest method you can. By using MFA method like Fido2 keys, you can significantly reduce the risk of your accounts being compromised. Don’t wait until it’s too late – take action now to improve your online security with MFA.
Disclaimer: I do not have any financial or professional interest in promoting FIDO 2 technology or any specific security solution. My views on the importance of MFA and the vulnerabilities of traditional authentication methods are based on my professional experience in cybersecurity and my analysis of industry research and best practices.
Leave a Reply