Humans have always been fascinated with the concept of two, whether it be as a symbol of opposition, complementarity, or duality. The power of quantum computers lies in their ability to dissolve binary boundaries. Likewise, security also needs its “B-side,” its deputy, its “+1.” This is where multi-factor authentication (MFA) comes in. MFA requires evidence from several different classes of evidence to prove one’s identity, such as something you know, something you have, and/or something you “are.”
While MFA comes in many forms, the most common is two-factor authentication (2FA). 2FA combines a password with an additional layer of verification, such as a hardware token, SMS code, or authenticator app. This “+1” increases the strength of authentication and is widely considered to be one of the strongest standard security measures today.
However, MFA isn’t limited to authentication. Double firewalls, DMZs, and defense in depth are all examples of second factors used in security. One area where a second factor is often overlooked is backup. Having backup data serves as a second factor for availability. If an attacker wants to disrupt operations, they must overcome both productive data and backup data.
Understanding these relationships between security measures can help adjust security programs in a purposeful way. By asking questions like “Do I have a second factor for my data/processes/confidentiality/integrity/availability/data economy/anonymity?”, businesses can identify potential gaps and strengthen their overall security.
