Strong Authentication

Strong Authentication (SA)

Strong authentication confirms a user's identity reliably and safely and never relies solely on shared secrets or symmetric keys such as passwords, codes, and recovery questions. Strong authentication assumes that credential phishing and impersonation attacks are inevitable and is designed to withstand them. Although multi-factor authentication (MFA) remains one of the best ways to establish that users are who they claim to be, true strong authentication goes beyond both two-factor authentication (2FA) and MFA.

When implementing MFA, at a minimum, follow the National Institute of Standards and Technology (NIST) Assurance Level 2 for admin functions. This means using two factors: something you know, such as a code or password, and something you have, such as a push notification or a one-time passcode (OTP) generated by a registered device. Where possible, increase to NIST Assurance Level 3 for the most critical assets. This means 2FA combining something you know, such as a password, with a hardware-based cryptographic token, such as a FIDO key or smart card.
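As an added illustration that is not part of this glossary entry, the Go program below models the origin binding that makes a FIDO-style hardware token phishing resistant: the token signs the relying party's challenge together with a hash of the origin the browser actually visited, and the relying party verifies against its own origin, so an assertion produced on any other origin is rejected even if relayed in real time. This is a simplified model of the WebAuthn flow, not a library implementation; the origins, the challenge value and the type and function names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models a hardware token holding a per-relying-party
// private key that never leaves the device (illustrative type name).
type Authenticator struct{ key *ecdsa.PrivateKey }

// NewAuthenticator generates the token's P-256 key pair.
func NewAuthenticator() (*Authenticator, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{key: k}, nil
}

// PublicKey is what the relying party stores at registration.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.key.PublicKey }

// signedData is the message both sides hash: SHA-256(origin) || challenge.
// Binding the origin into the signed bytes is what defeats relay phishing.
func signedData(origin string, challenge []byte) []byte {
	originHash := sha256.Sum256([]byte(origin))
	h := sha256.New()
	h.Write(originHash[:])
	h.Write(challenge)
	return h.Sum(nil)
}

// Assert signs the challenge bound to the origin the browser reports.
func (a *Authenticator) Assert(clientOrigin string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, a.key, signedData(clientOrigin, challenge))
}

// VerifyAssertion is the relying party's check. It uses its own origin,
// not anything supplied by the client, so a signature made on a
// look-alike origin fails verification.
func VerifyAssertion(pub *ecdsa.PublicKey, rpOrigin string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, signedData(rpOrigin, challenge), sig)
}

func main() {
	auth, _ := NewAuthenticator()
	challenge := []byte("constructed-challenge-0001") // constructed value
	sig, _ := auth.Assert("https://bank.example", challenge)
	fmt.Println("genuine origin verifies:", VerifyAssertion(auth.PublicKey(), "https://bank.example", challenge, sig))
}
```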
