mfa-(multi-factor-authentication)

Multi-factor authentication (MFA) is a security system that requires multiple verification methods to access a resource, strengthening security beyond passwords alone.

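MFA adds an extra layer of security to the login process. Instead of relying on a password alone, users must provide an additional verification factor such as a code from a mobile app, a security key, or biometric data. This significantly reduces the risk of unauthorized access even if the password is compromised. MFA is important for protecting sensitive data and accounts from cyber threats.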

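The factors used in MFA generally fall into three categories: something you know (e.g., a password or PIN), something you have (e.g., a smartphone or security key), and something you are (e.g., a fingerprint or facial recognition). Combining these factors makes it much harder for an attacker to gain access, because the attacker must compromise multiple authentication methods.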


🧒 Explain Like I'm 5

It's like needing your house key (something you have) AND a secret code you know to open your front door, making it much harder for burglars.

🤓 Expert Deep Dive

Multi-Factor Authentication (MFA) strengthens authentication by enforcing the principle of independent verification factors. The security gain stems from the difficulty of compromising multiple, distinct factor types simultaneously. The three primary factor categories (knowledge, possession, inherence) are designed to be orthogonal, meaning the compromise of one type does not inherently compromise another. For instance, a stolen password (knowledge) does not automatically yield access to a physical security token (possession). Protocols like TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) are common for the 'possession' factor, often implemented via authenticator apps or hardware tokens. FIDO Alliance standards (e.g., U2F, WebAuthn) are increasingly adopted for possession-based authentication using hardware security keys, offering enhanced resistance to phishing. Biometric factors (inherence) rely on unique physiological or behavioral characteristics, but their reliability can be affected by environmental conditions or spoofing attempts. Architectural considerations involve the choice of authentication protocols, the secure storage and transmission of authentication data, and the user experience design to minimize friction. Vulnerabilities can include phishing attacks targeting the initial credential, SIM-swapping attacks to intercept SMS-based OTPs, or weaknesses in biometric template security. The trade-off between security robustness and user convenience remains a central challenge.
