Over the last few years, cyber security experts have been warning about the substantial risks posed by the traditional username/password system of network access. The arguments against passwords to access business networks are valid: Most users dislike them, and hackers have developed numerous strategies to either figure them out or thoroughly defeat them.
There is a clear need to improve upon username/password credentials, and we are gradually moving in the direction of biometrics such as fingerprints and facial recognition. Many technologists believe that we are still a good decade away from widespread adoption of biometrics as the new standard for digital access and verification. In the meantime, we need to improve upon the usr/pwd paradigm, and multi-factor authentication (MFA) has thus far proven to be secure and effective.
You may have heard about MFA being referred to as two-factor authentication, or 2FA. In November 2021, technology giant Google began rolling out a widespread process to implement 2FA across millions of accounts; the company is naming this effort to improve cyber security "two-step verification," and it will take advantage of existing devices that have been previously verified as trusted.
There are various ways MFA can be implemented on business networks and cloud applications. One of the most popular methods is to send a verification code to internet-connected devices commonly carried by users; smartphones come to mind in this regard because users have grown accustomed to carrying them at all times.
Trusted and controlled data sources can be used in lieu of mobile devices for MFA. Sending an email verification link can sometimes be more secure than mobile text messages. When dealing with confidential information and sensitive data, 2FA may not be enough, and this is why we are seeing more banks and law firms implement MFA solutions that may include hardware tokens.
In the future, we may see MFA and other credential verification methods even if biometrics such as fingerprint scanning are used. The reason for this extra security step is that cybercrime gangs have become quite sophisticated in terms of launching phishing attacks.