A good number of people today are familiar with multi-factor authentication because it has become the standard in organizational network security. Just about every company that is worried about its network health has implemented the feature, especially after Microsoft went full bore into the implementation of MFA with its own products back in the early part of 2020. However, not everyone is familiar with “hidden” MFA, which is an evolution of the above.
What’s the Difference Between Visible and Hidden?
Normally, when one logs in with traditional MFA features, there is the standard profile login, and then there is confirmation of the same with another layer, typically initiated through a separate tool like an app on a phone or a code to an email address. This is known as visible MFA.
Hidden or invisible MFA looks to get rid of the obvious challenges one has to go through just to authenticate oneself on a network. Instead of multiple inputs, like randomly generated codes from phone apps or emails to look up, the user is identified simply by who they are when connecting. This approach still involves multiple factors that make the user unique and easy to identify as a valid user, but the combination is based on their underlying information rather than on actual input. Underlying information can include the exact device used (its MAC address, for example), geolocation, biometrics from the user like a fingerprint, and other features only the user would have on them when connecting. The combination works similarly to traditional MFA, but there is less active input, engagement, and action on the part of the user to make it happen.
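The check described above, sketched as an added example that is not part of the original article: a server compares the passive factors the text lists (device, geolocation, biometric result) against an enrolled profile, with no code typed by the user. The class and function names, the 25 km radius, and every sample value are assumptions constructed for illustration.

```python
import hmac
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Enrollment:            # what was recorded when the user was enrolled
    device_id: str
    lat: float
    lon: float
    radius_km: float

@dataclass(frozen=True)
class Signals:               # what is observed silently at connection time
    device_id: str
    lat: float
    lon: float
    biometric_ok: bool       # result reported by the device's biometric check

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def failed_factors(enr, sig):
    """Return the factors that do not match the enrolled combination."""
    failed = []
    # Constant-time comparison so the check does not leak how much of the ID matched.
    if not hmac.compare_digest(enr.device_id.encode(), sig.device_id.encode()):
        failed.append("device")
    if distance_km(enr.lat, enr.lon, sig.lat, sig.lon) > enr.radius_km:
        failed.append("location")
    if not sig.biometric_ok:
        failed.append("biometric")
    return failed

def authenticate(enr, sig):
    """Access is granted only when every passive factor matches."""
    return not failed_factors(enr, sig)

# Constructed sample data (not real identifiers or locations of any user).
ENROLLED = Enrollment("02:00:00:aa:bb:cc", 47.6062, -122.3321, 25.0)
SAME_USER = Signals("02:00:00:aa:bb:cc", 47.6100, -122.3300, True)
ELSEWHERE = Signals("02:00:00:aa:bb:cc", 40.7128, -74.0060, True)
STRANGER = Signals("02:00:00:11:22:33", 40.7128, -74.0060, False)

if __name__ == "__main__":
    for name, sig in [("same user", SAME_USER), ("elsewhere", ELSEWHERE), ("stranger", STRANGER)]:
        print(name, authenticate(ENROLLED, sig), failed_factors(ENROLLED, sig))
```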
Benefits of Hidden MFA
The obvious goal of evolved MFA is to make connections for authorized users seamless and less obstructive. Much of the problem with the current common-use MFA is that everything hinges on a secondary code. While this works as a random number, it can be circumvented if the user himself or herself is compromised. A good number of hacks now involve social engineering to get the random number generated by an MFA app feature from the user and then penetrate the targeted system with actual authorized access, defeating MFA completely in doing so.
Invisible multi-factor authentication takes the human out of the picture when it comes to active input. There is still a multi-factor confirmation occurring, but the human choice that can produce inadvertent access is eliminated. Instead, the MFA occurs on predetermined properties that only exist with the given user in a set combination. Since the confirmation happens behind the scenes as the user connects, there is nothing for the user to get caught up on and no wrong entry to produce an error. This seamless aspect improves work productivity while still keeping the bad guys out of the network entirely.
Going a Level Further
When biometrics are added to the MFA approach, the security combination becomes even more robust. An attacker would literally need to have the user present, have the machine involved, and be in the right location or access through the right channel. This would only occur under extreme situations such as kidnapping, for example, and probably won’t happen in 99 percent of attempts to hack. While no system is a perfect silver bullet, the evolved MFA approach with biometrics clearly raises the bar to another level of security protection.
The tech security landscape keeps changing as new penetration methods become the norm. Every barrier is eventually overcome to some extent. The question is how prevalent the hack is now versus the protection implemented. In 2020, visible MFA was extremely effective. Now, with advanced social engineering methods, it can be overcome based on the weakest person in the organization. So, active security always needs to be looking for ways to make itself harder, or at least hard enough to make an attacker go somewhere else rather than continue to attempt penetration.