This manual was created with the intention to help amateur mobile application creators and potential mobile application developers develop their ideas through research, planning, testing and revision.
This document aims to define and discuss the concept of Multi-Factor Authentication, sometimes written as Multifactor Authentication, and also referred to as MFA. According to Google Trends, interest in the term Multi-Factor Authentication has grown to 41%, up from a mere 3% back in 2004. It is a term that relates to online security and the protection of accounts and essentially the data those accounts possess. First, I will discuss definitions of Multifactor Authentication, write about how it is relevant then provide my definition of the term.
The Oxford English Dictionary(2014) defines authentication as “the action or process of validating, approving, or authenticating something” and defines multifactor as “involving or dependent on a number of factors or causes.” Without attaching any context to the term, Multifactor Authentication means more than one factor for authenticating something.
In the technological industry, “Multi-Factor Authentication (MFA) is a form of strong authentication which uses more than one information…” (S. Ibrokhimov et al., 2019). This definition suggests the use of a username and password in addition to another vital piece of identification data such as the answer to a security question, as substantial components for Multi-Factor Authentication.
Another technical perspective states that “Multi-factor authentication can incorporate various layers of authentication solutions implemented in conjunction with one another, such as user name and password with a token and a biometric finger scanner.” (Tatham, M. et al., 2009). This definition plainly describes the flexibility of Multi-factor authentication where a user could choose to use their username and password plus a security question plus a one-time pin or token plus a finger scan or a facial scan to authenticate to a website or application. All three definitions maintain the understanding that Multifactor Authentication involves a username and password plus two or more steps for validation. Interestingly, the Oxford English Dictionary does not specify what factors are used to determine authentication. Whereas, S. Ibrokhimov et al.’s definition, even though not very specific, indicates that information is needed to verify authentication. Better than that, Tatham, M. et al.’s definition goes even further by naming the information needed (e.g username, password, a token, and fingerprint) required for authentication.
With a better understanding of what Multi-Factor Authentication is, it is easier to picture how it relates to everyday life. A digestible approach would be to think of physical security. Physical items in the home are secured by the use of a door with a lock and a key. Now consider digital security. Digital things such as personal email accounts are secured by a username and password. Imagine that digital items are like physical items, a door with a lock is like a username and the key is like a password. Even though the lock and key help keep the physical items secured, they are not always enough to prevent break-ins. A lock can be picked similarly to how a password can be hacked. One way to deter a break-in would be to add an alarm system, this is where Multi-Factor Authentication comes in. “You should use MFA whenever possible, especially when it comes to your most sensitive data—like your primary email, your financial accounts, and your health records.” (National Institute of Standards and Technology [NIST],2016). Due to increasing data breaches of consumer companies (Staples, Home Depot, Target, and Michaels), health insurance companies (Primera Blue Cross and Anthem) and financial institutions (JPMorgan Chase and the IRS), there is no guarantee that only a username and password are enough to deter hackers from breaking into personal online accounts. “Multi-Factor Authentication is your friend” (Gray, 2019), this statement was posted in a Forbes.com article after several data breach stories surfaced in the news. We should all start familiarizing ourselves with password authentication processes consisting of more than two steps to help ensure the safety of our digital data and Multi-Factor Authentication is an additional line of defense to help ward off cyber-crime.
After doing research and thinking about my experience using Multi-Factor Authentication, I would define it as an account login process requiring username and password plus at least two methods of verification that may include the use of tokens (an authentication app or one-time pin code) and biological input (a fingerprint scan or face scan).
Granville, K. (2015, February 5). 9 recent cyberattacks against big businesses. The New York Times. https://www.nytimes.com/interactive/2015/02/05/technology/recent-cyberattacks.html
Gray, J. (2019, October 7). Amping up security through passwords and multi-factor authentication. Forbes.com. https://www.forbes.com/sites/joegray/2019/10/07/amping-up-security-through-passwords-and-multi-factor-authentication/#59602c876dce
Google. (n.d.). [Google Trend of term Multifactor Authentication]. Retrieved October 4, 2020, from https://trends.google.com/trends/explore?date=all&geo=US&q=%2Fm%2F05zybfn
National Institute of Standards and Technology. (2016, June 28). Back to basics: Multi-factor authentication (MFA). NIST. https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication
Oxford University Press. (n.d.). Authentication. In OED Online. Retrieved September 27, 2020, from www.oed.com/view/Entry/13323
Oxford University Press. (n.d.). Mutlifactor. In OED Online. Retrieved September 27, 2020, from www.oed.com/view/Entry/254366
S. Ibrokhimov, K. L. Hui, A. Abdulhakim Al-Absi, h. j. lee and M. Sain, “Multi-Factor Authentication in Cyber Physical System: A State of Art Survey,” 2019 21st International Conference on Advanced Communication Technology (ICACT), PyeongChang Kwangwoon_Do, Korea (South), 2019, pp. 279-284, doi: 10.23919/ICACT.2019.8701960.
Smith, J.F. (2015, May 26). Cyberattack exposes I.R.S. tax returns. The New York Times. https://www.nytimes.com/2015/05/27/business/breach-exposes-irs-tax-returns.html Tatham, M., & Honkanen, A. (2009). Mobility for Secure Multi-Factor “Out of Band” Authentication. In B. Unhelkar (Ed.), Handbook of Research in Mobile Business: Technical, Methodological, and Social Perspectives (2nd ed., pp. 388-398). Idea Group Reference. https://link-gale-com.citytech.ezproxy.cuny.edu/apps/doc/CX1809100051/GVRL?u=cuny_nytc&sid=GVRL&xid=a41ac927
TO: Professor Ellis
FROM: Nakeita Clarke
DATE: Sept 20, 2020
SUBJECT: 500-Word Summary
This memo is a 500-word summary of the article, “Should Artificial Intelligence Be Regulated?” by Amitai Etzioni, and Oren Etzioni.
Anxiety regarding Artificial Intelligence (AI) and its potentially dangerous abilities have surfaced the question of whether or not AI should be regulated. A key component, and a first step to approach such regulation would involve standardizing a universally objective definition of AI. Some predict that it is inevitable for AI to reach the point of technological singularity and believe it will happen by 2030. This perspective is due to AI being the first emerging technology with the capability for producing intelligent technology itself, which is interpreted as a foundational threat to human existence. Respected scholars and tech leaders agree AI possesses such a threat and urge for the governance of AI. The Association for the Advancement of Artificial Intelligence (AAAI) suggests that there is no foreseeable reason to pause AI-related research while the decision to monitor AI is being determined. Others see no reason for regulation stating, “machines equipped with AI, however smart they may become, have no goals or motivations of their own.” (Etzioni, A., & Etzioni, O., 2017, p. 33). Even so, it may already be too late to attempt to create international regulations for AI due to global widespread usage across public and private sectors.
Both sides agree on the social and economic impact AI will cause; however, regulation could inflate the cost of such an impact. So far, AI has exhibited superior medical advantage, sped up search and rescue missions leading to increased chances of recovering victims, and is used in the psychological industry for effective patient care. AI is already used in our everyday technology from personal assistants; Google Assistant, Alexa, Siri, and Cortana, as well as security surveillance systems. Instead of regulating AI as a whole, limiting the progression of its beneficial impact, focusing AI regulation on AI-enabled weaponry may be a more actionable approach. Public interest in doing so exists and is evident from petitions urging the United Nations to ban weaponized AI. Existing treaty on Nuclear weapons could be an indicator that countries across the globe may adopt one for AI. In addition to such a treaty, a tiered decision-making guidance system could aid the management of AI systems. On the flip-side, what about the management of AI-powered defense, de-escalation and rescue machines in combat zones?
AI’s disruption of the job market has begun and will create an unevenness causing additional unemployment and income disparities. Despite job loss, economists believe AI will lead to the creation of new types of jobs. Having a committee to monitor AI’s impact, as well as advise on ways to combat job loss due to AI-based initiatives could mitigate social and economic threats AI presents. One can be hopeful that an almost utopian alternative to AI’s negative impact is possible if society changes its response to AI, starting with public open dialogue as the driving force for productive policies.
ETZIONI, A., & ETZIONI, O. (2017). Should artificial intelligence be regulated? Issues in Science & Technology, 33(4), 32–36.