Security in Mobile Application Part 3 (Multi-Factor Authentication)

Abhishek Singh
Dec 26, 2021

Hi Everyone,

This is our fourth article on security in mobile applications. If you have missed the other articles, please visit the article below to build your understanding of security in mobile applications.

This article is dedicated to Multi-Factor Authentication. Adding Multi-Factor Authentication adds one more layer of security to a mobile application. We will discuss the following points in this article:

What is Multi-Factor Authentication(MFA)

Working of MFA

Detail understanding of MFA

2-Factor Authentication

What is Multi-Factor Authentication(MFA)

First, we need to understand what MFA is. As the name suggests, multiple factors are involved in accessing an application or some part of the application. So, MFA is a way to enhance security by requiring more than one factor, rather than only a username and password or PIN.

Working of MFA

If an application has MFA, then even if the user’s username and password are compromised, the user may still escape a security breach because one more factor is involved. The most common form of MFA we see these days is the OTP we receive while paying in an e-commerce or other application: we are required to input our CVV number (if the card is saved), and then we also need to enter the OTP we receive.

Detail understanding of MFA

There are three types of factors in MFA which are:

  1. Knowledge Factor: In the Knowledge Factor, a user is required to memorize information. That information can be in any form, like a username and password, a PIN, or card information like the CVV number.
  2. Possession Factor: In the Possession Factor, a user has something which belongs to that user only. This can be anything like a mobile phone, a card, or any other physical entity.
  3. Inherence Factor: In the Inherence Factor, the user inherits some characteristics which only that user has. This can be a fingerprint, facial pattern, or voice pattern.

The above three are the main factors we can involve, but other factors can also be introduced, like the Location factor and the Behavioural factor. We will read more about these at the end of this article.

So, in any system, the involvement of knowledge, possession, and inherence factors is called Multi-Factor Authentication.

2-Factor Authentication

2-Factor authentication is an authentication where any two factors are involved to log in or perform any other task. Two factors can be either Knowledge + possession, Knowledge + Inherence, or Possession + Inherence factor.

It’s always better to have at least 2-Factor or Multi-Factor Authentication to make our application secure.

As mentioned briefly above, with other authentication factors like Location and Behavioural we can build an intelligent system which, if required, can introduce another factor.

Location-based authentication generally tracks the user’s geolocation. The Behavioural factors involve the user’s behaviour, like typing speed, from where the user is accessing information, and the time at which the user is attempting to retrieve information.

So, Location-based and Behavioural factors are also called Risk-based Authentication. At least one authentication is a must. If anything out of context is observed, such as the user’s typing behaviour not matching, the user accessing the system at odd hours, or any other reason, then the system can introduce another factor.
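A sketch of the risk-based step-up decision described above, as an added example that is not code from the original article. The class names, thresholds (100 km, 40% typing deviation), and sample values are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Profile:              # baseline learned for one user (hypothetical fields)
    home: tuple             # (lat, lon) of the usual location
    typing_cps: float       # usual typing speed, characters per second
    active_hours: range     # local hours the user normally signs in

@dataclass
class Attempt:              # signals collected with one login attempt
    location: tuple
    typing_cps: float
    hour: int

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_signals(p, a, max_km=100.0, typing_tolerance=0.4):
    """Return the names of signals that are out of context for this user."""
    signals = []
    if distance_km(p.home, a.location) > max_km:
        signals.append("location")
    if abs(a.typing_cps - p.typing_cps) > typing_tolerance * p.typing_cps:
        signals.append("typing")
    if a.hour not in p.active_hours:
        signals.append("odd_hour")
    return signals

def required_factors(p, a):
    """Knowledge factor always; add a possession factor (OTP) if any signal fires."""
    factors = ["password"]
    if risk_signals(p, a):
        factors.append("otp")
    return factors

# Constructed sample data: one user's baseline and two login attempts.
profile = Profile(home=(28.61, 77.21), typing_cps=5.0, active_hours=range(8, 23))
usual = Attempt(location=(28.70, 77.10), typing_cps=5.5, hour=10)
unusual = Attempt(location=(51.51, -0.13), typing_cps=2.0, hour=3)
```

Here the password is the one factor that is always required, and a single out-of-context signal is enough to ask for the OTP as well.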

These are the add-on security measures we can introduce to make our applications secure. These, along with the other security measures we read about in our earlier article, help us to secure our data. As I have mentioned earlier, we need to make it extremely difficult for any hacker to hack into our system. It should at least be part of any application for it to have a basic layer of security.

This is all for Multi-Factor Authentication. I’ll see you in our next article😊.
