Making Sense of the Authentication Stack


In a world where everyone carries an IoT device yet has minimal security awareness training, the need for stronger security controls is growing. A single credential pair is no longer sufficient to protect our sensitive data, and we must take additional steps to secure ourselves.

There are many acronyms in the authentication space, so let’s talk about a few:

2FA – Two-Factor Authentication – This method of authentication requires two forms of ‘proof’ to gain access to a credentialed account. Common options include sending a code via SMS and/or receiving a code via phone call. This is commonly referred to as the simplest method of increased authentication-based security.

MFA – Multi-Factor Authentication – The core difference between 2FA and MFA is that MFA requires more than two proofs of authentication. This usually requires third-party applications that contain tokens, but it can also include the traditional SMS-based code generation or a biometric plugin. MFA should be the goal for most organizations that want to vastly reduce unauthorized access to organizational data, but this method often disrupts standard business operations. With the requirement of additional proofs, the authentication process can be lengthy and thus seen as a detriment to workflow. This is technically true, yet the overall security enhancement of this authentication platform is far superior – so it is ultimately up to senior leadership to decide on the length of the authentication process and how it will affect business operations.

Be mindful that threats against authentication technologies exist – as nothing is truly “fool-proof”.

We must be vigilant, we must be ready, and most of all, we must be educated!

If you missed part one of this series you can catch up here!

Adam Zimmerman, Security Solutions Architect

CDW Canada

With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is helping organizations build strong security practices and prepare for potential attacks.

Adam holds a Master’s in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa. Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.

Adam currently serves in the Canadian Armed Forces as a Second Lieutenant, where he holds a command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto, specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.