Strong authentication is a mechanism to verify user identities that is robust enough to endure targeted attacks and prevent unauthorized access. Keep in mind that ‘strong’ is a relative term, and depending on whom you ask, you may get wildly varying definitions of strong authentication.
Some may regard a typical login screen with multi-factor authentication (MFA) as strong authentication. Others may achieve it through biometric verification and adaptive MFA. Still others may use a hardware token and RSA-encrypted user passwords to bolster their authentication process.
How one perceives, defines or implements strong authentication depends on their security awareness, risk profile and regulatory requirements.
As we indicated above, strong authentication is an abstract term. Its implementations may differ from organization to organization, but its essence and purpose remain the same. Strong authentication makes it more difficult for malicious actors to access your internal systems. The objective, though, is to keep the sign-on process convenient and quick for genuine users, while protecting their credentials and the organization’s infrastructure.
The universal way to strengthen authentication is to make it a multi-step process. Strong authentication uses more than just user credentials for login. Secondary authentication steps may include an MFA code, a one-time password (OTP) sent via text message, an RSA SecurID token, a smart card or biometrics.
Strong authentication is often complemented by granular, role-based authorization. Authorization ensures that users get access only to the services and systems they need to do their job tasks.
Authentication plays a crucial role in protecting the sensitive resources of an organization. If it’s not strong enough, malicious actors may succeed in gaining unauthorized access to your systems. Let’s look at a few ways that weak authentication can make your organization susceptible to compromise:
Using strong authentication techniques protects your organization from such situations and enhances cybersecurity. In other words, if you use OneLogin MFA or the OneLogin Protect app, attackers would need much more than an exposed password to launch an attack.
Here are a few best practices that can strengthen an authentication process:
The terms “strong authentication” and “multi-factor authentication” are often used interchangeably. However, not all multi-factor authentication approaches can be deemed strong. The strength of MFA depends on the robustness of the authentication factors.
For example, if you are using a weak secondary authentication factor (e.g., codes sent via text message or email), then your MFA strategy can’t be considered strong. Conversely, if you are using stronger factors (e.g., hardware tokens or facial recognition) for secondary or tertiary authentication, then your MFA can be regarded as strong.
There are different techniques to achieve strong authentication. Here are a few:
A physical authentication key is one of the strongest ways to implement multi-factor authentication. A private key stored on a physical device, such as a USB device that the user plugs into their computer while logging in, is used to authenticate the user. This device serves as the secondary authentication factor.
Biometrics are another tool to implement strong authentication. Biometric authentication verifies a user by checking their biological or behavioral characteristics: facial recognition, vein scanning or retina scanning, or behavioral data such as keyboard cadence, screen usage and mouse movement.
Push notifications can be used as a secondary authentication factor. After the user enters the correct credentials, they receive a push notification on a specialized application installed on their smartphone. This notification allows the user to approve or deny the login request.
One-time passcodes generated by authenticator applications, like OneLogin Protect, can also be used to strengthen authentication. In this approach, the user enters the auto-generated code from the application to complete the sign-in process.