Why do we need adaptive 2FA (two factor authentication)?

Two factor authentication (2FA) has helped everyone connected to the internet keep their accounts, data, services… safe from attackers. It’s a highly robust security layer, which is extremely hard to crack. The question is, if 2FA is that safe to use, why do we need adaptive 2FA? The answer is simple: better security and accessibility. Let’s justify the answer over this discourse.

Adaptive 2FA

Adaptive authentication is a new security feature that uses machine learning to verify the authenticity of a login before prompting the user for two factor authentication. Let’s break this up. First, from the user’s point of view, adaptive authentication is just an add-on to their 2FA authentication solution. The user will not interact with the adaptive authentication security layer directly. Second, it uses machine learning. Machine learning uses algorithms to learn patterns in data and make predictions based on that data. This gives machines (processors) the ability to decide. Third, the veracity of the login attempt is confirmed on the service provider’s end. This process checks, against various patterns learned from the account owner, whether the login attempt is valid and secure.

New authentication factors lead traditional methods towards deprecation.

Choosing the authentication factors

Two factor authentication adds complexity to the login process. Each additional authentication factor added to the login process (3FA, multi factor authentication, etc.) makes it less efficient. Adaptive authentication strengthens the security of a user’s account without adding any complexity to the login process. Utmost attention is paid while choosing the authentication factors. Too many authentication factors may ultimately slow down the authentication process and make it cumbersome. A balance is maintained between security and usability by adding only the most significant factors, like login time, device used for access, IP at which the login originated, geolocation, and security of the communication channel. A user’s behaviour is recorded and analysed based on these authentication factors to create the user’s risk profile. The machine learning algorithms adapt to the user’s risk profile and tendencies to develop an effective mechanism for verifying the veracity of the login attempt.

Effortless security for users

Identity management gets easier with the use of adaptive authentication, both for the end-user and the enterprise. The user will not have to be bothered with different authentication layers. Instead, the entire process of authentication will be swift and easy. Enterprises will not have to dedicate security personnel to verify the reliability of a login attempt, saving both resources and time. Also, machines are fast. The entire adaptive 2FA process executes in the background with negligible time delay. In most cases, the user will not even be aware of the verification that has taken place.

Efficacy and Usability

Adaptive authentication can verify several factors associated with the login attempt before the user gets to 2FA. Beyond that, adaptive authentication can even allow a user to bypass 2FA based on the veracity of the login attempt. For example, when not in the office, Max always uses his personal mobile device to log in to his work account. Before implementation of adaptive authentication, each time Max tried to log in, he was subjected to two factor authentication. But a few days after adaptive authentication was implemented on his company’s server, Max stopped getting 2FA requests and could log in through user ID and password alone. Through adaptive authentication the server knows that it is Max who is trying to access his account from the same mobile device he’s used in the past. Isn’t it easier? And it’s just through a single factor. The adaptive authentication algorithms use a number of factors and complex statistics to build user profiles.

Dynamic and (per the name) Adaptive

The processes and algorithms involved in adaptive 2FA are dynamic. They keep building and updating the user risk profile. At each attempt, along with verifying the authenticity of the login attempt, the login pattern is analysed and recorded. The entire process of learning, analysing, and authenticating is dynamic in approach and adaptive to the situation. The algorithms learn from and adapt to the login conditions. For high risk profiles or questionable login circumstances, more authentication factors may be incorporated.

Adaptive authentication can even identify malicious users and malicious bots trying to gain access to a user’s account through hacked or stolen passwords and deny them authentication altogether. Any malicious user will not even get to the two factor authentication.
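
The decision flow described above (skip 2FA for a familiar pattern, step up when the attempt looks unusual, deny when nothing matches) is sketched below as an added example that is not code from the article or from any product. It replaces the machine learning model with a fixed weighted score over the factors listed earlier; the weights, thresholds, field names and sample attempts are assumptions.

```python
from dataclasses import dataclass, field

# Weights and thresholds are illustrative assumptions, not values from the article.
WEIGHTS = {"device": 35, "ip": 15, "country": 20, "hour": 10}
INSECURE_CHANNEL = 20            # added when the login did not arrive over TLS
STEP_UP_AT, DENY_AT = 30, 70

@dataclass
class RiskProfile:
    """Factor values the server has seen on this user's verified logins."""
    seen: dict = field(default_factory=lambda: {k: set() for k in WEIGHTS})

    def score(self, attempt: dict) -> int:
        # Each factor whose value is new for this user adds its weight.
        risk = sum(w for k, w in WEIGHTS.items() if attempt[k] not in self.seen[k])
        return risk + (0 if attempt["tls"] else INSECURE_CHANNEL)

    def learn(self, attempt: dict) -> None:
        for k in WEIGHTS:
            self.seen[k].add(attempt[k])

def decide(profile: RiskProfile, attempt: dict) -> str:
    """Return 'allow' (password alone), 'step_up' (prompt for 2FA) or 'deny'."""
    if not profile.seen["device"]:
        return "step_up"         # no history yet, so always ask for the second factor
    risk = profile.score(attempt)
    if risk >= DENY_AT:
        return "deny"
    return "step_up" if risk >= STEP_UP_AT else "allow"

def login(profile: RiskProfile, attempt: dict, second_factor_ok: bool = False):
    """Run after the password check; returns (decision, access_granted)."""
    decision = decide(profile, attempt)
    granted = decision == "allow" or (decision == "step_up" and second_factor_ok)
    if granted:
        profile.learn(attempt)   # learn only from logins that were fully verified
    return decision, granted

# Constructed sample attempts (documentation IP ranges, made-up device names).
MAX_PHONE = {"device": "max-phone", "ip": "203.0.113.10", "country": "DE", "hour": 20, "tls": True}
TRAVEL = dict(MAX_PHONE, ip="198.51.100.7", country="FR")
STOLEN_PW = {"device": "unknown", "ip": "192.0.2.99", "country": "US", "hour": 3, "tls": True}

if __name__ == "__main__":
    profile = RiskProfile()
    print(login(profile, MAX_PHONE, second_factor_ok=True))  # first login: 2FA required
    print(login(profile, MAX_PHONE))                         # known pattern: 2FA skipped
    print(login(profile, TRAVEL, second_factor_ok=True))     # new IP and country: 2FA
    print(login(profile, STOLEN_PW))                         # nothing matches: denied
```

The profile is updated only after a login that was fully verified, so an attempt that fails or is denied cannot teach the profile its own device or location.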

Adaptive authentication is a hidden layer of security that verifies the veracity of the login attempt through machine learning. It is simple, secure, efficient and, above all, dynamic. It uses a large range of inputs and factors to build a user’s risk profile to facilitate authentication. It reinforces the security of an account without adding any extra verification steps for the user.

Two-Factor Authentication for LINUX SSH

Before learning about two-factor authentication for Linux SSH, let’s have a small overview of Linux. Linux servers are among the most widely used and popular servers in organizations across the world. They constitute about 67% of all the public facing servers. They are among the best and most efficient servers, able to carry out large volumes of web processes and transactions with very low downtime.

Linux servers are highly reliable and scalable. They use the SSH protocol to ensure secure login or access to remote servers. However, SSH involves the use of a password, and solely password-based authentication invites security threats and breaches. Passwords these days are no longer secure, for they can be hacked, cracked, or stolen using multiple methods.

Since Linux servers process large amounts of data that is mostly confidential, e.g. financial data, they are a large and favourable target for hackers and attackers. Protecting SSH logins merely with passwords may put your or an organization’s data at risk.

FairWare Ransomware targeting LINUX computers


Why Two-Factor Authentication for LINUX SSH?

SSH or Secure Shell is a protocol that enables a user to log in and access remotely located systems & servers securely, over an unsecured network. SSH itself not only encrypts the remote sessions but also delivers better authentication using cryptographic keys: a public key and a private key.

As such, the combination of password and the cryptographic keys may seem to be a viable and stronger authentication option but it’s not, and the reason could be any of the following:

  • Cryptographic key (private key) may not be password protected and could be easily stolen.
  • Use of a simple password by the user in encrypting & protecting the private key.
  • System or device where the user has saved or stored the private key may be vulnerable to theft.

As discussed above, passwords are no longer effective in keeping your servers protected from intrusion or other types of security breaches. In addition, the introduction of concepts like BYOD (Bring Your Own Device) has brought more risk to Linux servers by granting employees the privilege of accessing the organization’s network, servers and data using their personal devices like laptops, tablets and smartphones, which may be used as a gateway by attackers because of their lower security levels in comparison to a server.

Two-Factor Authentication: Improving LINUX SSH security

Adopting and implementing two-factor authentication in Linux SSH forces the server to double-check the authenticity of a user. With 2FA, the user’s identity is verified and validated, using “what the user knows” and “what the user has”.

Two Factor Authentication for LINUX SSH

What a user knows is the username and password.

What a user may have is a security token/code.

2FA places token-based authentication as a secure doorway between a user and the protected server. Anyone can knock on it but only the authorized user can open this door with a secret code.
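
On an OpenSSH server, whether one credential is enough is decided by the `AuthenticationMethods` setting in sshd_config. The check below is an added example, not part of the original article: it reads the global section of a config and reports whether every accepted chain needs two different methods. The three sample configs are constructed, and the helper names are assumptions.

```python
def global_options(config_text: str) -> dict:
    """Keyword -> value for the global section of an sshd_config."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()               # sshd keywords are case-insensitive
        if keyword == "match":
            break                                # Match blocks are not evaluated here
        opts.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return opts                                  # setdefault: sshd keeps the first value

def two_methods_required(config_text: str):
    """Return (ok, reason): does every AuthenticationMethods chain need two methods?"""
    methods = global_options(config_text).get("authenticationmethods", "any")
    if methods.lower() == "any":
        return False, "any single authentication method is accepted"
    for chain in methods.split():                # chains are alternatives
        # 'keyboard-interactive:pam' and 'keyboard-interactive' are the same method.
        kinds = {m.split(":", 1)[0] for m in chain.split(",")}
        if len(kinds) < 2:
            return False, f"chain '{chain}' completes with one method"
    return True, "every chain needs at least two different methods"

# Constructed sample configs. Assumption: the PAM stack behind keyboard-interactive
# prompts for a token code; sshd_config alone cannot confirm that.
PASSWORD_ONLY = """\
# the password-only setup the article warns about
PasswordAuthentication yes
"""
PASSWORD_PLUS_TOKEN = """\
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods password,keyboard-interactive
"""
KEY_ALONE_ACCEPTED = """\
# second chain lets a private key in without any other factor
AuthenticationMethods password,keyboard-interactive publickey
"""

if __name__ == "__main__":
    for name in ("PASSWORD_ONLY", "PASSWORD_PLUS_TOKEN", "KEY_ALONE_ACCEPTED"):
        print(name, two_methods_required(globals()[name]))
```

Two different methods are necessary but not sufficient for two factors: the methods named in the chain must each be enabled, and the PAM configuration decides what the keyboard-interactive prompt actually asks for.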

Is it beneficial to secure all servers using 2FA?

Implementing 2FA protection has always proven to be beneficial irrespective of individual or organizational needs. 2FA may be implemented across all servers present within an organization, but that may create complexity in managing, accessing, and using those servers.

It is pertinent to mention that most servers are already protected and secured by different types of versatile network security tools, such as firewalls and VPNs. However, all these network security methods may prevent intrusion only within the organization’s network boundaries.

Public-facing servers (usually very few) can be accessed and explored by any user remotely, over a possibly unsecured network, using SSH from outside the organization’s secured network. As such, these public-facing servers are most prone to intrusion & data-theft and require utmost protection. Thus, implementation of 2FA may be restricted to public facing servers only.

In conclusion, it may be stated that servers are meant for storing and executing large amounts of business & organizational data. Therefore, expecting the fullest protection of servers merely with a password is nothing less than a fool’s paradise. Two-factor authentication is one of the easiest and most convenient ways to ensure guaranteed and multi-layered protection for Linux servers.