Boost Multi-Factor Authentication With A Blended-Defense Strategy

A look at leveraging your MFA solution for maximum benefit and security

Since the dawn of the password, technology has evolved faster and faster as each year goes by, making security education and awareness even more crucial for consumers and employees alike. After all we are all creatures of habit, and oftentimes those habits (like using the same few passwords across devices) carry over to our professional lives. As such, we’ve quickly learned that the traditional password is no longer sufficient enough to prevent hackers from getting into our accounts containing a plethora of information that can be crippling to any enterprise.

Going back to being creatures of habit, it is not unusual for individuals to use the same five (or fewer) passwords for all of their accounts. By doing so, hackers can get into multiple accounts just by cracking one password. And so, multi-factor (or two-factor) authentication was created as a way to strengthen security best practices and hopefully make it harder for hackers to crack.

Benefits To MFA

In an April 2018 Task Force 7 Radio episode, Host George Rettas spoke with Eduardo Perez, SVP - Regional Risk Officer, Visa Latin America and Caribbean, about the shift in mobile payments – and Visa’s presence at the cutting edge of MFA beyond the password.

Perez said that there has been an “explosion of different types of (related) solutions coming to the market.” He cited Apple Pay and Samsung Pay as two useful tools. EMV Chip technology, he said, generates a code/cryptogram for each unique transaction. Perez also cited the growth of biometrics as something that could enhance the space. Biometrics, he said, will allow the consumer to authenticate themselves – even using fingerprints. In the near future, it could also include voice recognition.

Perez said there’s been an explosion of use cases around mobile payment solutions, many of which allow for payment at the point of sale and within applications. A combination of tools – tokenization, EMV chip technology and biometrics – will more securely allow consumers to make transactions “in any way and any day.”

See Related: “Cyber Pros Offer Insight On Credit Card Fraud, Mobile Payments & Data Scandal

In the closing minutes of the show, Perez touted Visa’s Threat Intelligence program (including the “indicators of compromise”) and its ID Intelligence platform, which provides authentication services to partners in the payment system.

Perez also spoke about the evolution of the password, and whether the ID Intelligence service is its “death knell.” He said that with the platform, solutions are offered that “don’t depend on static credentials.”

“(We) believe biometrics and other forms of authorization offer consumers a secure, convenient and fast way to pay…”

Regardless, though, criminal groups and operatives will continue to target the financial system. Perez said the industry must “remain vigilant.”

While this segment focused on the implications for mobile payment, MFA also has some benefits and features that can make it more secure for the enterprise. However, as Perez implied, it’s important for individuals to understand the realities of using an MFA solution. In other words, just because you are using MFA, doesn’t mean your accounts are un-hackable. 

See Related: “Incident Of The Week: 21M Users Affected By Recent Timehop Breach”

That is why on March 21, 2019 Cyber Security Hub will host a web seminar featuring Chief Hacking Officer Kevin Mitnick, who will unveil real-life examples of every attack type for MFA solutions. By keeping a close eye on the benefits and challenges associated with MFA, enterprises will learn how to be a better defender against these attacks. The session will also include:

  • 12 ways hackers get around two-factor authentication
  • How to defend your multi-factor authentication solution
  • The role humans play in a blended-defense strategy

Plus, audience members will be able to ask questions in real-time to Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, in order to learn how to get the utmost value out of their MFA solutions.

Register here: “12 Ways To Defeat Multi-Factor Authentication