The evolution of secure online authentication:
from "insecure password" to Common Criteria Certified Hardware Authenticators...
The evolution of multi-factor authentication (MFA) is similar to the development from the old rotary phone to the first mobile phones and to the smartphones we use today. The constantly changing threat landscape and proven procedures have led to continuous innovation in authentication. Today's MFA differs significantly from the MFA of the 90s, when the earliest form of two-factor authentication (2FA) was invented and patented by AT&T.
2FA means exactly what the name suggests: in addition to a password, an additional authentication factor must be used to ensure the user's identity. This is especially true for your personal information (PII) or your organization's proprietary information (PI).
As we all know, a password is only as strong as the person using it, and to remember a password, users tend to make it simple, like "Password123!" or write it down and stick it to the back of their keyboard.
This makes the idea of adding a second form of authentication very attractive, as it could significantly reduce the risk of weak password policies and poor security practices. In fact, it has been shown to be extremely effective in stopping cyberattacks with username and password combinations.
Multi-factor authentication (MFA) security levels.
Unfortunately, cybercriminals are constantly evolving and finding new ways to steal login credentials and the information protected by those credentials. To appropriately reduce risks and protect sensitive information, organizations must do more than just rely on traditional defense mechanisms.
Secure-Element-based (Hardware based) Multi-Factor-Authentication (MFA, for example using an authenton#1 CTAP2.1 FIDO token) significantly reduces risks by requiring additional layers of authentication, such as something the user knows, has, and is. Token-based MFA is not only more secure but also creates a more user-friendly experience, as your users have the confidence of being protected.
==> With the FIDO 2.1 certified authenton#1 CTAP 2.1, you have your security "in your own hands"!