MFA Guide

From Irregularpedia
Revision as of 17:22, 3 December 2024 by Sac (talk | contribs) (syntax)

What is MFA

Multi-factor authentication (MFA) is a layered approach to securing online accounts and their data. MFA requires users to provide two or more authenticators to verify their identity before accessing services. This method significantly reduces the likelihood of unauthorized access. According to Microsoft, users who enable MFA are significantly less likely to get hacked. Even if one factor, like a password, is compromised, unauthorized users cannot bypass the second authentication requirement.

MFA is also called Two-Factor Authentication (2FA), Multi-Factor Authentication, Two-Step Authentication, or UFA. All these terms refer to using a combination of what the user knows, has, or is to confirm identity online. Source: CISA

MFA Combines Two or More Independent Credentials

  1. What the user knows (password).
  2. What the user has (security token).
  3. What the user is (biometric verification).

MFA Backup Codes

Backup one-time passcodes (OTPs) are vital for any MFA deployment and should be part of every user's emergency plan. Situations that prohibit personal devices may leave backup OTPs as the only way to access accounts. Securely store backup codes and ensure they are accessible during critical times.

Types of MFA

  • (WEAKEST) Text Message (SMS) or Email: A service sends a code to your phone or email, which you use to log in. While better than no MFA, SMS/email-based authentication is considered the weakest form.
  • Authenticator App: Generates MFA codes on your smartphone. These codes typically expire every 30 or 60 seconds.
  • Push Notification: Instead of entering a code, you approve or deny a login request via a notification sent to your device.
  • FIDO Authentication: Utilizes secure biometric mechanisms or physical keys, providing a highly secure authentication method.
  • (STRONGEST) Universal 2nd Factor (U2F): Hardware tokens such as CAC, Nitrokey, or YubiKey. These hardware tokens are phishing-resistant and use protocols like FIDO2 for enhanced security. Source: Yubico

How To Enable MFA

App MFA (TOTP)

Follow these steps to enable MFA with an authenticator app:

  1. Log in to the account.
  2. Navigate to Settings.
  3. Go to Security & Privacy.
  4. Enable or set up Multi-Factor Authentication (MFA).
  5. Select "Mobile App" (avoid SMS unless necessary).
  6. Scan the QR Code or enter the MFA "seed" manually.
  7. Securely store the MFA seed in a password manager or encrypted database.
  8. Print and save backup keys provided by the service.

Recommended Software for MFA

Hardware Token (UFA)

Steps for enabling MFA using a hardware token:

  1. Log in to the account.
  2. Navigate to Settings.
  3. Go to Security & Privacy.
  4. Enable or add "Hardware keys."
  5. Insert the hardware token when prompted.

Note (Backups): Configure a duplicate hardware token and store it securely as a backup.

Recommended Hardware for UFA

Note (About Buying YubiKeys): Higher-end YubiKeys offer additional features such as encryption and signature capability, which may not be necessary for all users.

References