Authentication is the process of correctly verifying a user’s identity. It answers the question of, “who are you?” when a person requests access to a system. Think about how you log in to your email or social media accounts. Traditionally, you would need a username and a password for the system to confirm that you are who you say you are. Although not the most secure form of authentication today, the concept of passwords is still widely used today because it functions on the assumption that only the user knows the password. These days there are far more secure authentication methods available.
Let’s take a step back and answer the question of, “why is secure authentication necessary?” These days, criminals are constantly attempting to access our data as the world becomes increasingly digitally dependent. If we leave our accounts and systems unprotected, we will find that people with bad intentions steal, damage, alter or destroy that data. We have seen report after report of organisations faced with data breaches since the health pandemic began. Therefore, understanding and employing the appropriate authentication methods can be one of the factors that can keep you from falling victim to a data breach. Here are some standard authentication methods for you to explore:
As mentioned before, password authentication is an option considered by many as inadequate for today’s threat landscape and use cases. Most users tend to reuse passwords across different applications or create easily guessable passwords, making it easier for criminals to access your systems.
Biometric authentication is supposedly one of the most secure types of authentications available due to its dependence on the user’s biological characteristics. This includes things like facial recognition, voice recognition and fingerprint scanning.
For token-based authentication, users will need to verify their identity to receive a unique token that can be used to gain access to the system. Once the user logs out, the token is no longer valid, and the user will need to obtain another one to access the system once more.
Multi-Factor authentication is where access to the system will require a minimum of 2 pieces of evidence from the user. This is a combination of the authentications above encompassing what you know, what you have and what you are. By having two factors, criminals have to gain a lot more information, making it harder to penetrate your systems.
It may all sound a little complicated but setting up multi-factor authentication is actually not that difficult. There are now apps that can help you do that, such as Microsoft’s Authenticator app that allows you to not only sign in securely with a password but also implement multi-factor authentication using your fingerprint, face recognition or PIN, as well as time-based, one-time passcodes to make it much harder for hackers to break into a system.
Secure authentication is an essential piece of the cybersecurity puzzle because it is essentially the first line of defence from an attacker and should be treated as such.
About Dr Dzaharudin Mansor
Dr Dzaharudin is the National Technology Officer (“NTO”) for Microsoft Malaysia. With more than 33 years of professional experience in ICT, he engages with key national technology stakeholders including academics and policymakers to contribute to national development. Passionate in technology, he works closely with academia, holding advisory positions at several universities.