Multifactor Authentication: A Separation of Verification Power
After winning reelection in 1936, liberally-minded Franklin D. Roosevelt was faced with the possibility that his conservative Supreme Court would undo many of his previous term’s executive orders. To avoid this, in 1937 he attempted to pack the Supreme Court with liberal justices by asking Congress to allow him to appoint additional ones for every member of the Court over 70 years of age. At the time, this move would allow him to appoint as many as 15 new justices of his choosing.
Needless to say, conservative officials were angered, and a number of them threatened resignation if Roosevelt’s request was approved. Ultimately, the Senate rejected his proposal, avoiding a constitutional crisis. They were able to do so due to the separation of powers and checks and balances outlined in the US Constitution.
Separation of Power
The Founding Fathers created the Constitution of the United States in 1787 (although it wasn’t ratified until 1788). In it, they established three separate branches of government, separating the government’s powers among them to prevent a tyrannical form of government from developing. These 3 branches are the:
Legislative Branch
The legislative branch of the US government is responsible for establishing laws. It includes Congress, which consists of the House of Representatives and the Senate, as well as several smaller agencies. This branch has the power to confirm or reject presidential appointments, declare war, and create federal legislation. While the legislative branch can enact laws, it cannot enforce them.
Judicial Branch
The judicial branch is made up of the Supreme Court, different Courts of Appeals, and all of the District Courts. This branch interprets the meaning of laws and how they apply to individual court cases and actions as well as deciding whether laws violate the Constitution.
Executive Branch
The executive branch of government includes the President, Vice President, Cabinet, executive departments, independent agencies, and other national boards, commissions, and committees. This is the branch that implements, enforces and administers laws written by Congress, oversees daily federal operations, controls the military, and enters into treaties with foreign nations.
Checks and Balances
A few examples are:
- The executive branch, via the President, has the power to veto bills Congress passes. In the case the Commander in Chief does this, Congress must receive a two-thirds majority vote from both the Senate and The House of Representatives for a bill to become a law.
- The legislative branch, in Congress, has the power to fund or not fund executive actions, as well as impeach members of the executive and judicial branches. This is the branch that ultimately shot dismissed Roosevelt’s proposal to appoint more Justices.
- The judicial branch, by means of the Supreme Court, can declare laws or presidential actions unconstitutional by judicial review.
The idea the founding fathers were getting at is that it’s good to have multiple approvals and double-checks when it comes to important items. Whether that is the creation of a law or access to highly sensitive data, you’ve got to be sure you’re making the right decision or giving the right person access. In the IT world, multifactor authentication is sort of like a separation of verification powers, checks, and balances.
How Multifactor Authentication Works
Multifactor authentication (MFA) is a form of access control allowing an end user to log in to their computer, an application, or database only after successfully providing several pieces of evidence to an authentication mechanism. Typically, this information will be something you know (a password or personal question), something you have (an email or a text message), or something you are (a fingerprint or a facial scan). When using multifactor authentication, a user can only access the sensitive information or platform they need by successfully verifying their identity via these pieces of evidence.
Why You Need It
75.6% of organizations encountered at least one successful cyber attack within the past 12 months. Additionally, a recent analysis revealed that only 25 different passwords were used in over half of 10 million compromised accounts, with 17% of these passwords being “123456.” That means three out of every four businesses were the victim of a cyber criminal AND at least half of them had weak passwords.
Good news is, you can prevent hackers from accessing your network via weak passwords by having an MFA strategy in place. It’s especially important if you are in an industry that is responsible for the confidential information of customers (e.g. financial, health, legal, etc.).
In fact, the multifactor authentication market is expected to reach $12.51 billion by 2022. Why? This practice works. In order for a cyber criminal to gain access to your sensitive assets, they need multiple pieces of information. Pieces of information that only YOU will have access to, like your fingerprint or text messages. As a result, MFA is a fairly foolproof way to ensure that the information you want password-protected will be, by multiple defenses.
Implementing MFA
29% of US CISOs are concentrating on identity and access management in their organizations. The top priority on this list is multifactor authentication. CISO or not, you know the importance of keeping your sensitive information secure. Multifactor authentication is a surefire way to lay a strong foundation across the organization.
If you’re interested in learning more about different MFA options your company can use, an MSP specializing in network security is a good place to start. They’ll be able to work with your organization to adopt a multifactor authentication protocol that helps ensure your confidential business data is protected no matter who tries to gain access.