Multifactor authentication (MFA)

3.3 Explain important concepts pertaining to identity and access management for server administration.

📘CompTIA Server+ (SK0-005) 

1. What is MFA?

Multifactor Authentication (MFA) is a security method that requires a user to provide two or more different types of authentication factors before gaining access to a system.

  • It adds extra layers of security
  • It reduces the risk of unauthorized access
  • Even if one factor is compromised, attackers still cannot access the system easily

👉 MFA is widely used in:

  • Server logins
  • Remote access (VPN)
  • Cloud platforms
  • Administrative accounts

2. Why MFA is Important (Exam Key Points)

  • Passwords alone are not secure enough
  • Protects against:
    • Brute-force attacks
    • Credential theft
    • Phishing attacks
  • Required for high-privilege accounts (admins)
  • Common requirement in security policies and compliance standards

3. Authentication Factors

MFA is based on three main types of factors. To be considered MFA, authentication must use at least two different categories.

A. Something You Know (Knowledge Factor)

Definition

This is information that the user knows and remembers.

Examples in IT Environments

  • Passwords
  • PINs
  • Passphrases
  • Security questions

Where It Is Used

  • Logging into servers (Linux/Windows)
  • SSH authentication using passwords
  • Web-based admin portals

Security Notes

  • Weak if used alone
  • Can be:
    • Guessed
    • Stolen (phishing)
    • Cracked (brute-force)

👉 This is why it is combined with other factors in MFA.

B. Something You Have (Possession Factor)

Definition

This is something the user physically owns.

Examples in IT Environments

  • Hardware tokens (RSA token, OTP generator)
  • Smart cards
  • Mobile devices (for OTP apps like Google Authenticator)
  • USB security keys (FIDO2, YubiKey)
  • One-Time Password (OTP) sent via SMS or email

Where It Is Used

  • VPN login requiring OTP code
  • Server login with smart card authentication
  • Cloud access using authentication apps
  • Datacenter access using ID badge + PIN

Security Notes

  • Much stronger than passwords alone
  • Risk:
    • Device theft
    • SIM swapping (for SMS OTP)

👉 Best practice: use hardware tokens or authenticator apps instead of SMS

C. Something You Are (Inherence Factor)

Definition

This is based on biometric characteristics of the user.

Examples in IT Environments

  • Fingerprint scan
  • Facial recognition
  • Iris scan
  • Retina scan

Where It Is Used

  • Secure server rooms
  • Administrator workstation login
  • Mobile device authentication
  • Biometric-enabled authentication systems

Security Notes

  • Very difficult to replicate
  • Cannot be “forgotten” like passwords
  • Limitations:
    • Requires special hardware
    • False positives/negatives possible

4. How MFA Works (Step-by-Step)

Example of MFA in a server environment:

  1. User enters username and password (something you know)
  2. System prompts for OTP from mobile app (something you have)
  3. Access is granted only if both are correct

👉 If either factor fails → access is denied

5. Common MFA Combinations (Exam Important)

You must combine different factor types:

✔ Valid MFA:

  • Password + OTP
  • Smart card + PIN
  • Password + fingerprint

❌ Not MFA (same factor type):

  • Password + security question (both “something you know”)
  • Two passwords

6. MFA in Server Administration

Where MFA is Used

  • Remote server access (SSH, RDP)
  • Privileged/admin accounts
  • Cloud infrastructure (AWS, Azure)
  • Virtualization platforms
  • Backup systems

Example Scenarios

  • Admin logs into a Linux server:
    • Password + OTP via authenticator app
  • Windows Server RDP:
    • Password + smart card
  • VPN access:
    • Username/password + token code

7. Benefits of MFA

  • Stronger security than single-factor authentication
  • Protects sensitive systems and data
  • Reduces risk of credential compromise
  • Required for compliance (e.g., enterprise security policies)

8. Limitations of MFA

  • Can increase login time
  • Requires additional setup and management
  • Users may lose devices (tokens, phones)
  • Biometric systems need special hardware

9. Best Practices for MFA (Exam Tips)

  • Always enable MFA for:
    • Administrator/root accounts
    • Remote access systems
  • Prefer:
    • Authenticator apps over SMS
    • Hardware tokens for high-security environments
  • Use least privilege + MFA together
  • Regularly review authentication logs

10. Key Exam Summary (Must Remember)

  • MFA = 2 or more different authentication factors
  • Three factors:
    • Something you know (password)
    • Something you have (token, phone)
    • Something you are (biometric)
  • Using two of the same type = NOT MFA
  • MFA is critical for:
    • Server security
    • Admin access
    • Remote login protection
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by