2
Security Best Practice Guide
Multi-Factor Authentication
Multi-factor authentication (MFA), sometimes referred to as two-factor authentication or 2FA, is an
electronic authentication method in which a computer user is granted access to a website or application only
after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:
knowledge (something only the user knows), possession (something only the user has), and inherence
(something only the user is). MFA protects the user from an unknown person trying to access their data such
as personal ID details or financial assets.
There are three basic factors to authentication:
• Something you know: This could be a PIN code, the answers to your security questions, or your
password
• Something you have: This generally refers to a physical object, such as a security token, smart card, or
phone.
• Something you are: This refers to biometric data, and usually comes in the form of your fingerprint or
facial scan — such as with Apple’s Touch ID
Utilizing more than one factor is one of the best methods for keeping connectivity into a network safe. Most
hackers that breach networks do so by obtaining the username and password of individuals. They can
compromise your credentials, and even manipulate their connections to make the authenticating device
“think” it is you. However, when a secondary factor is introduced, the hacker would not have access to this
information and therefore would be denied access immediately and their session logged.
SonicWall’s SMA 100 series incorporates multiple types of factoring functions, that when combined, can
ensure the authenticity of the end user. Turning on these features are considered *critical* in the security of
your network and should always be your number one priority when setting up remote connectivity appliances
or software.
NOTE: Due to the critical importance of 2FA, we are providing detailed instructions on the
One of the most secure (and highly recommended) methods for secondary authentication is using a provider
that supports SAML (Security Assertion Markup Language), or a TOTP (Time-Based One-Time Password)
provider. SonicWall’s SMA 100 series has support for both types of factoring providers – Please reference the
SonicWall Feature guide for detailed walkthrough on how to setup these features with different providers.
https://www.sonicwall.com/techdocs/pdf/sma-10-2-feature-guide.pdf
Two popular and commonly used solutions for secondary factor-based authentication are the Microsoft
Authenticator and Google Authenticator. To enable 2FA using Google or Microsoft Authenticator, please refer
to the following knowledge base article: https://www.sonicwall.com/support/knowledge-base/how-can-i-
configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/
To Next Page
Loading...
Need help?
General