All Roads Lead to Rome – Many Factors to More Secure Data
According to a Statista survey, only about half of the interviewed internet users in Germany use a second factor for at least one more service apart from online banking. But what exactly is two-factor or multi-factor authentication (MFA)? And why should more people use it?
The use of a second factor ensures that applications and data remain secure even if the chosen password is too weak or was stolen. The second factor serves as additional proof of authenticity and can take various forms: a one-time numeric code sent via email or text message, a hardware token, or an app which generates randomised number strings.
Protecting What’s Valuable
In a business context as well as a personal one, data is among the goods that are especially deserving of protection. Above all, it must be ensured that only authorised persons can access data. To make MFA as effective as possible, it is crucial to choose the right combination of different factors. The German Federal Office for Information Security (BSI) emphasises that the employed factors should belong to different categories, i.e. knowledge (like a password) or possession (mobile device, TAN generation or similar); this way, system security can actually be increased. Moreover, it is also important to look at how a second factor is rolled out. Only a carefully defined roll-out process allows the second factor to effectively increase the overall security of data. If the second factor is only legitimised by an already existing password, security might not really be increased, as the password could already be compromised. For the same reason, the factors should always be transmitted via different channels.
More Data Security with Open Source
Just like in many other areas of IT, there are well-established and secure open source solutions for MFA. One of these is privacyIDEA from the company NetKnights. DAASI International also offers its customers the option to improve the security of data and resources with an additional factor provided by this open source software. Thanks to its high level of standards compatibility, all software supported by DAASI International can be complemented by privacyIDEA. The GDPR requires personal data to be protected from unauthorised access through appropriate technical and organisational measures, with a level of protection commensurate with the risk and taking into account the state of the art. As MFA is becoming more and more established, DAASI International also recommends relying on MFA.
If you are looking for support for an MFA project with privacyIDEA, feel free to contact us.
BSI on the topic of MFA (German only): https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Zwei-Faktor-Authentisierung/zwei-faktor-authentisierung_node.html
Feature list for the solution privacyIDEA: https://www.privacyidea.org/about/features/
GDPR art. 32: https://gdpr-info.eu/art-32-gdpr/