
OWASP Cheat Sheet - Multi-Factor Authentication

For this topic, I've chosen Multi-Factor Authentication. Multi-factor authentication (MFA, also called two-factor authentication or 2FA when exactly two factors are used) requires a user to present more than one type of evidence to authenticate to a system. The factor types are something you know (e.g. a password), something you have (e.g. a hardware or software token), something you are (e.g. a fingerprint), and somewhere you are (e.g. geolocation).

The threat this protects against is account compromise through weak, re-used, or stolen passwords. As a developer or system administrator, you should assume that a user's password will eventually be compromised. MFA is the best defense against most password-related attacks. It is not without disadvantages, however: MFA adds management complexity for both administrators and end users, and less technical users may find it burdensome to configure.

There are many ways to implement it, but the most important places to require MFA are when the user first logs in to an application and when the user performs sensitive actions such as changing their password or email address.
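As an added example that is not from the OWASP cheat sheet or this post, the block below shows the two checks just described in working code: a "something you have" factor implemented as a TOTP verifier (RFC 6238, built on HOTP from RFC 4226), and a step-up rule that demands a fresh second factor before a sensitive action even inside an already logged-in session. Choosing TOTP as the token type, the set of sensitive actions, the five-minute freshness window and the demo secret (the RFC 6238 test-vector key) are all assumptions made for this example. It also handles two things the cheat sheet's advice implies but the paragraph does not spell out: a code must not be accepted twice (replay), and the comparison must be constant-time.

```python
"""Added example (not from the OWASP cheat sheet or this post): a minimal
TOTP (RFC 6238) verifier plus a step-up check for sensitive actions.
All secrets and session data below are constructed for the demo."""
import hashlib
import hmac
import struct

# Actions that require a fresh second factor even inside a logged-in session.
# The set itself is an assumption chosen for this example.
SENSITIVE_ACTIONS = {"change_password", "change_email", "add_payment_method"}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                              # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, last_counter,
                step: int = 30, window: int = 1, digits: int = 6):
    """Return the accepted time-step counter, or None if the code is rejected.

    - accepts codes from `window` steps before and after to absorb clock drift,
    - refuses any counter <= last_counter so a captured code cannot be replayed,
    - compares in constant time so response timing does not leak digits.
    """
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue                                         # already used: replay
        expected = hotp(secret, counter, digits).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None


def needs_step_up(session: dict, action: str, unix_time: int, max_age: int = 300) -> bool:
    """True when `action` is sensitive and the session's last MFA is older than max_age."""
    if action not in SENSITIVE_ACTIONS:
        return False
    verified_at = session.get("mfa_verified_at")
    return verified_at is None or unix_time - verified_at > max_age


if __name__ == "__main__":
    secret = b"12345678901234567890"        # RFC 6238 test-vector key, demo only
    session = {"user": "alice", "mfa_verified_at": None, "last_counter": None}
    now = 59                                # constructed clock value for the demo
    code = totp(secret, now)                # what the user's authenticator would show
    accepted = verify_totp(secret, code, now, session["last_counter"])
    if accepted is not None:
        session["last_counter"] = accepted
        session["mfa_verified_at"] = now
    print("login code", code, "accepted at counter", accepted)
    # The same code submitted again in the same step is refused.
    print("replay accepted:", verify_totp(secret, code, now, session["last_counter"]))
    # Ten minutes later, changing the e-mail address needs a fresh factor.
    print("step-up required:", needs_step_up(session, "change_email", now + 600))
```

On login, call `verify_totp` and, on success, store the returned counter on the account so the same code is never honoured twice; before any action in `SENSITIVE_ACTIONS`, call `needs_step_up` and re-run the factor check if it returns True. The window of one step either side is the usual compromise between tolerating phone clock drift and limiting the number of codes an attacker can guess per step.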

If you want to read more about this, the full OWASP cheat sheet is linked in the references below.

References:

