The first level of security on computers, systems, websites and apps is to require a user to create an account with a username and password. A second layer of authentication, Multi-factor Authentication, is frequently employed to provide additional security.

1. Setting a strong password

A password with the following characteristics is generally considered to be secure:

  • eight or more characters
  • uppercase and lowercase letters
  • digits
  • special characters
  • no discoverable information such as personal details (name, birthday, ID number)

2. Password best practice

  • Do not use the same password on multiple sites/apps
  • Change your password regularly
  • Don’t ever write your passwords down or share them
  • Do not allow your browser to store passwords

3. MFA

Two-factor authentication (“2FA”) is a subset of Multi-factor Authentication (“MFA”). Both aim to bolster security by ensuring that unauthorized users cannot gain access with just a single piece of evidence.

3.1 2FA

Definition: Two-factor authentication adds an extra layer of security beyond just a password. It requires two distinct forms of verification before granting access to an account or system.

  1. First Factor: The user provides their usual password.
  2. Second Factor: An additional piece of evidence is required, such as:
    • A unique code sent to the user’s mobile device.
    • A hardware token.
    • Biometric data (like fingerprints or face scans).
    • Geographic or network location.

Purpose: 2FA mitigates the risks associated with relying solely on passwords, which can be vulnerable to hacking, phishing, and reuse across services.

An example of 2FA in action is when you log in to your email account (or other app) and receive an OTP (“One-Time PIN”) on your phone to enter alongside your password. A further example would be an email sent to your email account with a unique link that can only be used once for a limited time to reset a password.

3.2 MFA

MFA is a broader concept that encompasses 2FA. It means securing a resource (such as an online account) using more than one type of credential.

Beyond the password, MFA incorporates factors like:

  • Biometric data (fingerprint, face scan).
  • Physical location.
  • Possession of a specific device (e.g., phone or token).

Purpose: MFA enhances security by requiring multiple pieces of evidence to verify identity.

Example: Using a cloud-based authenticator app that integrates seamlessly within your security stack, like Duo, which verifies user identities in seconds.

3.3 Authentication apps

  • Microsoft Authenticator
  • Google Authenticator

4. Password recovery options

These options require you to have set up your account correctly in the first place.

  • OTP to cellphone number linked to account.
  • Email reset password link to registered recovery email.
  • Answering password recovery questions.


By MisterFoxOnline

Mister Fox AKA @MisterFoxOnline is an ICT, IT and CAT Teacher. He has a passion for technology and loves to find solutions to problems using the skills he has learned in the course of his IT career.
