BANDAR SUNWAY – Multifactor authentication (MFA) is already ingrained into our daily lives, perhaps without us even realising it.
Ordering food online from a new device? You would need your username, password, 5-digit PIN code, and a forwarded six-digit OTP code — all just to grab a bite. Transactions both large and small are even incorporating biometric authentication features, requiring thumbprint or face scans to authenticate the largest banking transactions to the smallest in-app purchases.
Make no mistake, the standard username-password combo is still effective at keeping herds of amateur cybercriminals at bay. MFA may seem like stacking layers upon layers of authentication in the name of added security, which is still undoubtedly its main purpose. However, by changing how we view account security, we can immediately understand why adding MFA can improve account security drastically.
Key in combating data breaches and leaks
In January last year, a database containing more than 280 million Microsoft customer records was leaked on the web, exposing email addresses, IP addresses and support case details. Just three months later, over 500,000 Zoom teleconferencing accounts went up for sale on the dark web, all being sold for less than a penny each.
Despite the mounting number of data leaks and breaches over the pandemic, account users with MFA enabled need not go into a panicked frenzy, because in addition to the username and password, the cybercriminals need to gain direct access to the user’s phone to derive any meaningful benefit from the leaked details themselves. A simple password change might even undo all the efforts these cybercriminals had to go through in order to obtain the data in the first place.
Hence, MFA plays a crucial role in protecting account security in a digital environment where both businesses and consumers are under mounting pressure from ransomware attacks, data breaches and data leaks.
Added security is compounded
From first impressions, adding phone devices to the authentication process merely adds a single layer of security. However, this layer is more accurately described as a broad band of compounded security features, all of which will improve account security drastically.
Firstly, almost everyone will immediately notice if their phone goes missing. Insights from Hootsuite state that the average Malaysian spends four and a half hours using mobile internet every day. These hours are in fact spread out evenly across time, from quickly checking messages and notifications to browsing casually on social media.
Phones rarely leave the user’s proximity, and missing phones usually induce a sense of panic — usually driven by security concerns and the fear of leaked private contents. By tying account security to the device itself, users are indirectly protecting their accounts by carefully handling their phones throughout their day-to-day lives.
In the unfortunate event of phones being stolen, cybercriminals also need to spend considerable effort trying to gain access to them through PIN codes, giving users plenty of time to take corrective actions. Compounded with biometric authentication and system-wide locks for multiple failed login attempts, cybercriminals need to go through not one, but two security systems in order to derive any substantial benefit from the stolen devices.
Protection against weak passwords
Like most security concerns, the weakest link usually lies in the end-user themselves rather than the technological system that powers it. Cybersecurity firms have long warned against the use of simple and predictable passwords, advocating for longer passwords with a healthy mix of capitalised letters, numbers and special characters.
Yet, end-users tend to ignore this advice and opt for something more comfortable and easier to remember. In 2019, Google released a report stating that about one in four Americans still uses passwords such as “qwerty”, “123456”, and even “password”. With just the username alone, a quarter of online accounts are now essentially open to the public.
Service providers may also find it hard to make a compromise. Forcing users to use complex passwords will significantly hinder the customer onboarding experience, but simple passwords represent a major security gap. This trend has far-reaching implications, especially if the account is linked to enterprise VPN accounts or the company’s private cloud network.
Rather than starting a worldwide behavioural change campaign, technology can help fill in these gaps by diversifying the critical role of passwords within security systems. Through MFA systems, cybercriminals need to go through multiple hoops — gathering more data on the victims or using social engineering techniques — in order to gain access to the account.
These are only a few reasons out of many explaining why MFA could be the future of user authentication, for both businesses and private users. WISE AI is taking an active role in pushing the envelope of what is possible with MFA technology.
WISE AI is an award-winning Artificial Intelligence company specialised in digital identity technologies. We develop world-class emerging deep tech that is adopted by the government and multiple industries. Our AI-powered solutions include EKYC, digital ID, digital signature, and blockchain. Our technology is optimised for the recognition of ASEAN faces.