However, as practice shows, even this mechanism may have its drawbacks. Maxim Elesin, Chief Specialist of the Municipal Control Sector of the Zheleznodorozhny District Administration of the Municipal District of Ekaterinburg, told RuNews24.ru about the pros and cons of multi-factor authentication.
Pros of multi-factor authentication
1. Increased security: MFA requires the user to provide more than one proof of identity. This makes it much more difficult for attackers, as access to the account requires not only a login and password, but also an additional factor, such as a code sent to the phone.
2. Phishing protection: Even if an attacker obtains a user's username and password through phishing, they will not be able to log into the account without the second factor.
3. User acceptance of security: The use of MFA is becoming more and more common for most users, which contributes to the overall security culture.
The cons of multi-factor authentication are.
1.Vulnerability: As the real-life case of Maxim Gennadyevich Elesin shows, even multi-factor authentication does not protect against fraudsters using manipulation and deception.
“In our Department the administration of information systems was carried out using two-factor authentication, but this did not save from the consequences when one of the administrators told the fraudsters the code from SMS,” says Maxim Gennadyevich.
2. Difficulty for users: Some users may find the extra layer of security uncomfortable, which may lead to ignoring necessary procedures.
3. Dependence on technology: MFA may become inaccessible in case of no internet, phone problem or other technical failures.
Based on the experience from the negative situation, the expert suggested the introduction of additional security measures for information system administrators.
“I would like the future development of security systems to follow the path of increasing mandatory identifying factors. It may be worth introducing a third factor - biometrics such as facial recognition or fingerprint,” he says.
Multi-factor authentication is certainly an important step towards improving security, but it is not a panacea. It is important to continue working on improving authentication factors and user education to reduce the risks associated with fraud and cyberattacks. As practice shows, attackers continue to use every trick possible to gain access to a system, and being prepared is key to maintaining security.