Author: 11:11 Systems
Date: February 13, 2019

Breaking Down Multi-Factor Authentication

This blog post originally appeared on the Green Cloud Defense blog. Green Cloud Defense was acquired by 11:11 Systems in.

What is Multi-Factor Authentication (MFA or Cloud MFA)?

Multi-Factor Authentication (MFA) allows you to add an additional layer of security to your authentication process. There are two parts to a traditional authentication setup: a username and a password. We generally assume that your username is known to an attacker, since it is the most public piece of information. Many usernames are displayed by default, such as users on forums, or can be derived by combining a target’s first and last names. That means that the password is the first piece of private information by which a user’s identity can be confirmed.

How does MFA work?

MFA adds another piece of private information (another factor) to the authentication process. There are a handful of different secondary security factors:

  • Something you know, such as a password or PIN
  • Something you have, such as a device
  • Something you are, such as biometric information

So, when you enter your username and password, your MFA service prompts you for one of those additional factors. If you do not respond, or provide an incorrect response, it will not allow you to move on. That’s why, for many users, MFA just means “another button I have to click to log in.”

How does that make my account more secure?

By requiring you to verify your identity every time you log in, MFA puts another obstacle in the path of an attempted attack. Combining two pieces of information is difficult enough; finding a third makes the task even harder. When the third is also a piece of private information to which no one else has access, it means that every time you log in you prove your identity beyond the ability of most attackers.

Not All Factors Are Equal

The strength of a factor depends on how difficult it is for an attacker to acquire it. The most basic second factors are PINs, passwords and one-time use codes that you know or retrieve. Since they are just information (something you know), all an attacker has to do is learn that information. A device or physical key (something you have) is more difficult to acquire, since the attacker cannot simply learn it. Devices and keys are still vulnerable to theft or loss though, which makes biometrics (something you are) the most secure factor. While it is still possible for an attacker to overcome biometric security, it is the most difficult type of factor to acquire.

What Are the Weaknesses of MFA?

The goal of improving security is to make a successful attack harder, not impossible. Like any security measure, there are ways in which MFA can be defeated. It is important to keep these potential flaws in mind when utilizing MFA in order to mitigate them and stay as secure as possible.

SMS Hijacking

Many MFA providers use the SMS network to send one-time codes to the customer’s phone on login. The SMS system has several vulnerabilities that a would-be attacker could use to redirect that message to another phone. Attacks can exploit issues with the SS7 network or simply attack the user’s phone company account to change the SIM destination of their phone number. To combat this, switch to a different factor wherever possible and keep a close eye on your cell service to prevent fraud.

Stolen Devices

If your second factor is a physical device, there is a risk associated with losing that device. In some cases, a cell phone will both be a physical factor and store a digital password. This means that if an attacker were to gain root access to the phone, they would have access to the entire account. Using cell phones as a second factor works best for services or accounts that are not directly stored on the phone.

Social Engineering (Phishing)

Even the most secure MFA installation can be breached through phishing attacks. The most common attack uses a fake version of the target website that attempts to trick users into entering their username, password and MFA token. When the login attempt is forwarded to the actual version of the website, the phishing site picks up the user’s session token. This enables the attacker to access the user’s account without the need to have their actual username, password or other factors.

So How Do I Stay Secure?

Education

Keeping users educated on security risks is crucial to maintaining a good security posture. Employees who are less knowledgeable about the basics of virtual security are more vulnerable to social engineering and phishing attacks, which are still the most common threat to large infrastructures. Education that results in more competent users also improves security hygiene and decreases operational costs.

Infrastructure

Make sure your infrastructure has been evaluated for security risks. This may include penetration testing (or pen test) or other security services from an accredited security firm. Pen tests will evaluate the overall security posture of a corporation, including the design of its infrastructure and the vulnerability of its users. Most security organizations will include a plan of action with the result of a pen test to improve security and make sure your MFA (or other authentication scheme) is adequately protecting your business.

How Do I Add MFA to My Accounts?

MFA and Personal Accounts

Many popular service accounts allow users to add a second factor to their account (see TwoFactorAuth.org for a list). The most common factors are one-time passwords delivered through SMS, email or authenticator apps. When you add a second factor you will usually receive recovery codes for use if you can’t access your one-time code. These codes should be kept in “cold storage” (a thumb drive or written down in a notebook) in order to make sure you can always access your account. Unfortunately, there isn’t a good way to use MFA with a vendor who does not explicitly support it. That’s why it’s important to keep your primary points of access (such as logging in to your computer) secure as well.
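The login flow described above (password first, then a one-time code from an authenticator app, with recovery codes as the fallback), as an added example that is not code from the original post or from any 11:11 product. It assumes the authenticator app uses RFC 6238 TOTP, which the post does not name; `SecondFactor` and `login` are hypothetical names, and the secret and recovery code values are constructed test data.

```python
import base64, hashlib, hmac, struct, time

# RFC 6238 Appendix B test key ("12345678901234567890"), base32-encoded. Test data only.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for the time step containing `at` (HMAC-SHA1 truncation per RFC 4226)."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical per-user state: TOTP secret plus hashed, single-use recovery codes.
    Assumes recovery codes are long random values, so a plain SHA-256 digest is enough."""
    def __init__(self, secret_b32, recovery_codes):
        self.secret = secret_b32
        self.recovery = {hashlib.sha256(c.encode()).hexdigest() for c in recovery_codes}
        self.last_step = -1  # highest time step already accepted (replay guard)

    def verify_totp(self, code, now=None, step=30, window=1):
        now = time.time() if now is None else now
        current = int(now) // step
        # Accept +/- `window` steps of clock drift, but never a step at or before
        # one that was already used: an observed code cannot be replayed.
        for s in range(max(0, current - window), current + window + 1):
            expected = totp(self.secret, s * step, step).encode()
            if s > self.last_step and hmac.compare_digest(expected, code.encode()):
                self.last_step = s
                return True
        return False

    def verify_recovery(self, code):
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self.recovery:
            self.recovery.discard(digest)  # burn the code on first use
            return True
        return False

def login(password_ok, factor, response, now=None):
    """The second factor is consulted only after the password check; both must pass."""
    if not password_ok or not response:
        return False
    return factor.verify_totp(response, now) or factor.verify_recovery(response)
```

The replay guard and the single-use recovery codes limit how long a captured code stays useful; neither protects a session token that is issued after a successful login.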

MFA and Business Accounts

Your options for MFA improve for business accounts since your company has full control over your environment. Microsoft Server supports RADIUS authentication, which administrators can configure to use an MFA server. Services such as Duo MFA provide a central point of management for your domain’s authentication. It is also possible to enforce policies for physical or biometric factors.

MFA and Green Cloud

Green Cloud enforces mandatory MFA on the Partner Portal. We support SMS, E-mail and Domain authentication for both Microsoft AD and Google Domains. Beyond that, there are various ways Green Cloud services can be configured to implement MFA, such as using a SAML Active Directory provider to authenticate logins to vCloud Director. DaaS also supports the use of RADIUS authentication.

Bottom Line: Is Multi-Factor Authentication Worth the Trouble?

Resoundingly, yes. MFA is a more secure way to authenticate users, and it is widely supported on a variety of platforms. While it has its weaknesses, when implemented by itself it solves many issues associated with password-only authentication. Supplemented by a properly designed infrastructure and user education, MFA is a great tool to improve security posture.
