User authentication plays a central role in password resetting. Passwords are still the most popular user authentication method even though they are notoriously weak, largely because they are managed by people, the weakest link in the security chain. It is human nature to choose passwords that are easy to remember, but such passwords are also easy to guess or crack.
Relying on policy alone to increase password complexity does not solve the problem, because end users tend to forget long, overly complex passwords. That leaves them with two choices: write the complex password down, or call the service desk to reset and unlock the account. Neither is ideal; the first is high risk and the second is high cost.
Two factors are better than one
Multi-factor authentication adds another layer of security by combining two or more of these factors: something you know (a password or PIN), something you have (a phone or hardware token) and something you are (biometrics). A username is an identifier, not a secret, so it does not count as a factor.
In the most common setup, the user enters a password and then a one-time code, delivered to or generated on their phone, before gaining access to the account. Possession of the phone is the second factor: an attacker who has only the password is still locked out.
Multi-factor authentication can be highly effective in fending off attackers. Following several high-profile password breaches, companies such as Apple, Amazon, Google, Twitter and PayPal have been shoring up their systems with multi-factor authentication. To test the protection it provides, Christopher Mims of The Wall Street Journal did something most Internet users would never do: he published his Twitter password and challenged readers to break into his Twitter account. After countless attempts by strangers, the account withstood the assault and remained secure.
Does this mean multi-factor authentication provides ironclad protection? No. No single security control is impenetrable, and a sufficiently skilled and motivated attacker will find a weakness in any system to exploit. But attackers count on you being lax about protecting your data so they can break in easily. Making an attack difficult and time-consuming makes you a less tempting target.
Striking the right balance between usability and security
If multi-factor authentication can significantly lower the risk of account compromise, why aren't more companies implementing it? Simply put: inconvenience. Many believe that requiring an extra step to authenticate a user slows down workflows and makes systems cumbersome to use.
There does not always need to be a trade-off between usability and security when it comes to multi-factor authentication. Newer multi-factor authentication products support a broad range of identity services that can be used to strengthen password security while adding flexibility. IT administrators can choose, based on role and security policy, which identity services to offer end users for verifying their identity when resetting or unlocking their accounts.
Thorbjörn Sjövold is the CTO at Specops Software