Multi-factor Authentication (MFA)

What is Authentication?

Authentication is the process of verifying that something is what or who it claims to be. In the art world, authenticating a painting can involve the use of X-ray images of the canvas, chemical analysis of the paint, and examination of the artist’s signature, among other factors used to prove or disprove the authorship of a painting. In computing, authentication for systems, services and applications has traditionally been done with a set of credentials, almost always a username and a password.

Passwords have been the workhorse of computer authentication for decades, but they are becoming less effective as the sole authentication factor due to advances in hacking tools and tactics, and especially social engineering efforts (e.g., phishing emails) that lure users into providing malicious actors with confidential or sensitive information, including credentials to access systems, services, applications or data.

What is Multi-factor Authentication?

Despite their shortcomings, passwords are popular because they are simpler and cheaper to implement relative to other factors. To overcome these shortcomings, we need to add another factor to mitigate the vulnerabilities inherent to password-only authentication.

Multi-factor authentication (MFA), sometimes referred to as two-factor authentication (2FA), establishes a third authentication method, or more, which may include a PIN, a one-time password or passcode, or a biometric signature (e.g., a fingerprint on a screen or touchpad).

You have most likely already used MFA, for example when logging into an online banking account, where the user is required to enter a username and password and then a one-time password (OTP) received via SMS/text message. The OTP is limited to that session and can't be used for future logins to the same system.

MFA provides an exponential leap in security from passwords alone, and colleges and universities that have migrated to MFA have seen immediate benefits.

  • Harvard University stated in a security conference in March that after moving to MFA the rate of hijacked accounts dropped by over 90%.
  • Wentworth Institute of Technology successfully adopted MFA last year and has also observed a decrease in compromised accounts. According to Jim McFarland, WIT's AVP of Information Technology:

“Wentworth, like most institutions, was dealing with a steady increase in the amount of phishing attempts and other activity designed to try and compromise the accounts of our students, staff, and faculty. We decided to implement two-factor authentication to add a second layer of security.”

Both schools use a product that sends a unique code to the user’s chosen phone number during the authentication process.

MFA as a requirement at MassArt

MassArt is actively implementing a multi-factor authentication solution called OneLogin, which will cover all MassArt systems, applications, services and data. In addition to being a best practice for cybersecurity, MFA is rapidly becoming a requirement for various forms of compliance to which the College is subject, and it helps reduce risk and cost, for example by keeping cybersecurity insurance rates low.


Details

Article ID: 12215
Created
Thu 9/26/24 4:35 PM
Modified
Thu 9/26/24 4:38 PM