A security process that requires two different forms of identification to verify non-human identities.
Description
Second Factor Authentication (SFA) is an essential security mechanism employed to enhance the protection of non-human identities (NHIs), such as service accounts, applications, and bots, which often interact with systems and networks. In this context, SFA adds a layer of security by requiring not only a password (the first factor, something the entity knows) but also a second form of authentication, such as a one-time code sent to a device (the second factor, something the entity has). This approach mitigates the risks associated with compromised passwords, ensuring that even if an attacker gains access to the password of an NHI, they would still need the second factor to access sensitive systems or data. Implementing SFA for NHIs is crucial in environments where automation and integration are prevalent, as it helps to maintain the integrity and security of automated processes while reducing the likelihood of unauthorized access.
Examples
- Using a time-based one-time password (TOTP) generator for API calls
- Verifying access to a cloud service using a hardware security token
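The TOTP case above, sketched from the verifying server's side as an added example (not code from this page or from any vendor it references). It assumes the NHI's first factor is a static API key and the second is an RFC 6238 TOTP code sent with each call; `ServiceAccountVerifier`, `API_KEY` and `SECRET` are hypothetical names with constructed values.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class ServiceAccountVerifier:
    """Server-side check of both factors for one NHI (hypothetical helper)."""

    def __init__(self, api_key: str, secret_b32: str, drift_steps: int = 1):
        self._key_hash = hashlib.sha256(api_key.encode()).digest()
        self._secret = secret_b32
        self._drift = drift_steps
        self._last_step = -1  # highest time step already accepted

    def verify(self, api_key: str, code: str, now: int) -> bool:
        # Factor 1: static credential, compared in constant time.
        key_ok = hmac.compare_digest(
            hashlib.sha256(api_key.encode()).digest(), self._key_hash)
        # Factor 2: TOTP inside the allowed clock drift and newer than any
        # step already accepted, so a captured code cannot be replayed.
        matched = None
        current = now // STEP
        for step in range(current - self._drift, current + self._drift + 1):
            expected = totp(self._secret, step * STEP).encode()
            if step > self._last_step and hmac.compare_digest(expected, code.encode()):
                matched = step
        if key_ok and matched is not None:
            self._last_step = matched  # burn the step only on full success
            return True
        return False

# Constructed sample values: the RFC 6238 test secret and a made-up API key.
SECRET = base64.b32encode(b"12345678901234567890").decode()
API_KEY = "example-api-key-not-real"
```

A stolen API key alone fails `verify`, and so does a valid code that has already been accepted once.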
Additional Information
- SFA can significantly reduce the risk of credential theft
- It's essential for compliance with various security standards and regulations