Gone are the days when logging in with a username and a strong password was enough. Only last summer, a leak exposed nearly 8.5 billion unique passwords to the public.
Leaks like this are the reason why additional security measures like multi-factor authentication (MFA) rank high among security best practices. In this blog post, I’ll share some views on MFA and show you how to switch it on for your GoodAccess business cloud VPN account and application.
Table of contents
1. What is multi-factor authentication?
2. What is adaptive authentication?
3. What are the pros and cons of MFA?
4. How do you enable MFA in GoodAccess?
5. Enabling MFA on your GoodAccess account
6. Enabling MFA on your GoodAccess app
What is multi-factor authentication?
Multi-factor authentication, or MFA, is an access control technique that strengthens the security of user authentication. It encompasses its predecessor, two-factor authentication (2FA), which requires an additional proof of identity on top of the username and password, such as a PIN, a one-time code sent via text message, or authentication with a specialized app. MFA extends the concept by introducing more authentication factors.
The idea behind multi-factor authentication is to use more diverse information that is unique to the user’s identity to better verify their legitimacy. Thus, if the username and password get stolen, the adversary cannot misuse them, because they lack the additional factors required to gain access.
Broadly speaking, these factors come in three categories.
- Something you know - a password, PIN, one-time passcode (OTP), security question, etc.
- Something you have - a smartphone, USB stick, token, certificate, etc.
- Something you are - facial or voice recognition, fingerprints, etc.
However, requiring you to provide several factors of authentication every time you log in would be frustrating, so identity providers often turn to adaptive authentication in response to the circumstances under which you log in.
What is adaptive authentication?
Adaptive authentication, sometimes called risk-based authentication, takes into account the perceived risk indicated by your behavior. For instance, if you log in from the same location every day at roughly the same time, you could do with just your username and password.
However, if you suddenly try to access company systems from a location far away and at an unusual time, you will be asked for another factor. Furthermore, if you fail to provide the factor repeatedly, you may be denied access altogether.
This is because your behavior does not correspond to what you usually do, and security is thus adaptively strengthened to minimize the chances of a potential attacker gaining access.
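The decision described above can be sketched as a small policy function. This is an added example, not GoodAccess code: the thresholds, field names and sample coordinates are assumptions, and it asks for a second factor when either the location or the time deviates from the user's history.

```python
import math

# Thresholds are illustrative assumptions, not values from any product.
MAX_KM_FROM_USUAL = 100      # farther than this from every known location is "far away"
MAX_HOURS_FROM_USUAL = 3     # login hour must be within this of a past login hour
MAX_FAILED_FACTORS = 3       # repeated second-factor failures lead to denial

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def hour_gap(h1, h2):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(h1 - h2) % 24
    return min(d, 24 - d)

def decide(history, attempt, failed_factor_attempts=0):
    """history: past logins as {'loc': (lat, lon), 'hour': int}.
    Returns 'password_only', 'require_second_factor' or 'deny'."""
    if failed_factor_attempts >= MAX_FAILED_FACTORS:
        return "deny"
    if not history:                      # no baseline yet: treat as risky
        return "require_second_factor"
    near = any(haversine_km(p["loc"], attempt["loc"]) <= MAX_KM_FROM_USUAL
               for p in history)
    usual_time = any(hour_gap(p["hour"], attempt["hour"]) <= MAX_HOURS_FROM_USUAL
                     for p in history)
    if near and usual_time:
        return "password_only"
    return "require_second_factor"

# Constructed sample data: a user who normally logs in from one city around 09:00.
HISTORY = [{"loc": (50.08, 14.43), "hour": h} for h in (8, 9, 9, 10)]
```
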
What are the pros and cons of MFA?
As a key component of building zero-trust network access, MFA is widely recommended, but there still are certain concerns to keep in mind.
- Better security - One-time passcodes are randomly generated and have a limited validity period, so there is little danger if they get intercepted. Moreover, it’s highly unlikely that someone would imitate your biometric information.
- Easy to implement - Setting up MFA takes only a few clicks. There is a broad variety of factors to choose from and once set, the MFA remains in place indefinitely.
- Need for additional devices - If you get your one-time passcode sent via phone, you naturally need your phone at hand and must have reception. Alternatively, you need Internet access if you are using an external authenticator app.
- Phishing danger - Text messages can contain phishing lures that trick users into following a link in the text and giving up their access credentials and one-time passcode.
How do you enable MFA in GoodAccess?
GoodAccess allows you to set up MFA in your account login as well as your app. Doing this will require you to enter a one-time code every time you log in.
Enabling MFA on your GoodAccess account
First, download an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy for your computer or device.
Next, go to Settings in the GoodAccess Control Panel and go to Security.
Here, enable 2FA for your account login by flipping the switch to the ON position.
Scan your QR code and then type your one-time code in the box below.
Finally, you should see a green pop-up informing you of a successful MFA activation.
Enabling MFA on your GoodAccess app
First, download and install an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy on your computer or device.
Next, go to Settings in the GoodAccess Control Panel and switch to the Two-Factor Authentication tab.
Check the checkbox for Two-Factor Authentication and click Save Changes.
Now, open your GoodAccess app and try to log in. You should be prompted to complete 2FA.
Scan the generated QR code and then type in your one-time passcode in the box below.
Once you have authorized 2FA, you should see a green pop-up informing you about successful activation.
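What happens behind the QR scan and the one-time code in both procedures above can be shown with the time-based one-time password standard (RFC 6238) that Google Authenticator, Microsoft Authenticator and Authy implement. This is an added example, not GoodAccess code: it assumes the QR code carries a standard otpauth key URI, and the secret, the parameter names and the replay check are illustrative.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

# RFC 6238 test secret, used here as a constructed sample; real secrets are random.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def provisioning_uri(secret_b32, account, issuer):
    """Key URI of the kind authenticator apps read from an enrollment QR code."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}&period=30&digits=6")

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at`: HOTP (RFC 4226) over the time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, last_used_step=-1, step=30, window=1):
    """Return the matching time step, or None. Accepts +/- `window` steps of
    clock drift and rejects any step <= last_used_step so a code that was
    already accepted cannot be replayed."""
    current = int(at) // step
    for s in range(current - window, current + window + 1):
        expected = totp(secret_b32, s * step, step)
        if s > last_used_step and hmac.compare_digest(expected, code):
            return s
    return None
```

The server stores the step returned by `verify` and passes it back as `last_used_step` on the next login, which is what makes an intercepted code useless once it has been used or its time window has passed.
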