Gone are the days when logging in with a username and a strong password was enough. Only last summer, the Internet saw a leak of nearly 8.5 billion unique passwords exposed to the public.
Leaks like this are the reason why additional security measures like multi-factor authentication (MFA) rank high among security best practices. In this blog post, I’ll share some views on MFA and show you how to switch it on for your GoodAccess business cloud VPN account and application.
1. What is multi-factor authentication?
2. What is adaptive authentication?
3. What are the pros and cons of MFA?
4. How do you enable MFA in GoodAccess?
5. Enabling MFA on your GoodAccess account
6. Enabling MFA on your GoodAccess app
Multi-factor authentication, or MFA, is an access control technique that strengthens the security of user authentication. It includes its predecessor of two-factor authentication, or 2FA, which requires an additional proof of identity on top of username and password, such as a pin number, a one-time code sent via a text message, or authentication with a specialized app. MFA extends the concept by introducing more authentication factors.
The idea behind multi-factor authentication is to use more diverse information that is unique to the user’s identity to better verify their legitimacy. Thus, if the username and password get stolen, the adversary cannot misuse them as they would lack the additional factors required to receive access.
Broadly speaking, these factors come in three categories.
However, requiring you to provide several factors of authentication every time you log in would be frustrating, so identity providers often turn to adaptive authentication in response to the circumstances under which you log in.
Adaptive authentication, sometimes called risk-based authentication, takes into account the perceived risk indicated by your behavior. For instance, if you log in from the same location every day at roughly the same time, you could do with just your username and password.
However, if you suddenly try to access company systems from a location far away and at an unusual time, you will be asked for another factor. Furthermore, if you fail to provide the factor repeatedly, you may be denied access altogether.
This is because your behavior does not correspond to what you usually do, and security is thus adaptively strengthened to minimize the chances of a potential attacker gaining access.
As a key component of building zero-trust network access, MFA is widely recommended, but there still are certain concerns to keep in mind.
GoodAccess allows you to set up MFA in your account login as well as your app. Doing this will require you to enter a one-time code every time you log in.
First, download an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy for your computer or device.
Next, go to Settings in the GoodAccess Control Panel and go to Security.
Here, enable 2FA for your account login by flipping the switch to the ON position.
Scan your QR code and then type your one-time code in the box below.
Finally, you should see a green pop-up informing you of a successful MFA activation.
First, download and install an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy on your computer or device.
Next, go to Settings in the GoodAccess Control Panel and switch to the Two-Factor Authentication tab.
Check the checkbox for Two-Factor Authentication and click Save Changes.
Now, open your GoodAccess app and try to log in. You should be prompted to complete 2FA.
Scan the generated QR code and then type in your one-time passcode in the box below.
Once you have authorized 2FA, you should see a green pop-up informing you about successful activation.