Multi-factor authentication enhances security by combining information from multiple sources to validate your access. Security experts divide these sources into three groups:
- Something you know: like a password, PIN, or the answer to a secret question.
- Something you have: like a cell phone, access token, or ID card.
- Something you are: like your appearance, fingerprints, or voice pattern.
Many security systems rely only on something you know. These can be defeated more easily. For example, you might write your secret down and share it with others, or somebody might shoulder-surf to learn what it is. Sometimes banks or other organizations may try to improve security by piling on more things you need to know, but this can only improve the situation so much. Often it makes matters worse. (Can you remember the name of your mom's first boyfriend's favorite pet?)
The best security systems use at least one type of authentication from each of the groups above. As you can imagine, not all forms of identification are appropriate for every situation or security need. For example, it would be very difficult to provide a fingerprint while ordering products over the web or phone. However, using at least two different types provides better security than just a single type.
Beowulf gets the first type of identification (something you know) from your username and password. The second type (something you have) is accomplished by sending you a secret code using a communication channel that is pre-arranged when your account is first enrolled. Depending on how your system administrator and security team configure Beowulf, here are three possible ways to verify something you have:
- Installing a software token on your mobile phone or computer.
- Sending a random code to your cell phone via SMS.
- Sending a validation link to your backup email account.
With Beowulf multi-factor authentication in place, an attacker would not only have to know or guess your username and password, they would also have to find a way to gain access to your phone or backup email account and use it at the exact time when they are trying to gain unauthorized access to your account. This makes it much more difficult for the intruder, and much less likely that they are going to succeed.
This almost goes without saying, but multi-factor authentication has become increasingly important in the wake of recent cyber-attacks and security leaks. Given the current threat landscape, if you have a public-facing SharePoint site, it would be quite foolish not to leverage some sort of advanced authentication to protect it.