The internet and technology are now part of every moment and every aspect of our lives. The importance of technology, which brings new benefits and drives innovation with every step forward, has grown even further in recent years, especially during the pandemic, and awareness of it has increased. Technology makes it possible to sustain business and keep daily life running with as little disruption as possible, while minimizing dependence on place, time and person. Alongside these advantages, easy accessibility has increased the risk that end-user vulnerabilities will affect corporate systems. Despite increasingly secure communication protocols, the end-user factor still poses unpredictable risks to information systems.
One of the biggest shortcomings of today's widely used login method, a user ID and password, is that the password can be compromised. This can cause great damage to both individuals and companies.
According to the ESET Threat Report 2021, password guessing was reported to account for 53% of network attacks. Locking the account may seem like a solution for preventing such situations, but attackers have other methods of gaining system access as well. Indeed, newspaper headlines last year reported that phishing scams caused losses of 43 billion dollars.
The attack types seen in 2021, with their CVE numbers, are listed below.
- Password guessing
- MS Exchange CVE-2021-26855
- SMB.DoublePulsar scan
- Apache Struts2 CVE-2017-5638
- Apache Log4j CVE-2021-44228
- MS IIS CVE-2015-1635
- Pulse Secure CVE-2019-11510
- MS SMB1 EternalBlue
- MS Exchange CVE-2021-34473
- MS SMB3 CVE-2020-0796
- MS RDP CVE-2019-0708 BlueKeep
- Other web-based attacks and probes
What is Multi-Factor Authentication and How Does It Work?
In response to these threats, multi-factor authentication requires two or more authentication factors to access an account. It rests on the premise that an unauthorized person will not be able to provide all of the factors needed for access. If at least one of the factors is missing or incorrect in an access attempt, the user is not authenticated and the requested area and/or data remains inaccessible.
The most common authentication factors are the knowledge factor, the possession factor and the inherence factor.
- Knowledge factor: the user gains access with something the user knows. Personal passwords and numeric passwords (PINs) are examples of knowledge factor methods.
- Possession factor: the user needs to have specific hardware for access, such as a smart card, a physical key (hardware token) or a mobile device (SoftOTP, push notification).
- Inherence factor: a biological characteristic of the user must be used for access. The inherence factor includes biometric technologies such as retina and iris scanning, fingerprint recognition, voice identification and facial recognition.
User location and time-based authentication are among the methods that can be evaluated together with these factors. Mobile devices with global positioning system tracking provide reliable confirmation of login location, while the time-based factor is used to prove identity by detecting presence at a certain time of day (in a certain location).
Among multi-factor authentication methods, two-factor authentication (2FA) is widely preferred. The goal of two-factor authentication (2FA) is to keep end-user transactions as simple as possible while maintaining a high level of security.
Common forms of 2FA are a dynamic one-time password (OTP) sent by SMS after the username and password have been entered, a time-based password (SoftOTP) generated specifically for the registered device, and push notifications to a mobile application. Dynamically generated temporary passwords, ease of use, the ability to add security layers at the hardware, software and personal identity levels, and cost-effectiveness make multifactor authentication attractive for secure access.
SecTrail MFA is a reliable multi-factor authentication solution that has been serving various industries such as telecommunications, banking, finance, and healthcare for many years. The product, developed in-house by our software team, is classified as local software. With its modular and scalable structure, it can adapt to different integration scenarios. For more information, you can visit our SecTrail product page.