Hi! My current pet project: Read-only 100% offline secure multi-user container in a single HTML file that requires no external software to extract secrets:
https://github.com/griffin-container/griffin
In the context of API operations, the "something that you have", criteria of MFA would be how users are requested to possess a valid API key or token asides from their username and passcode.
Some cloud services providers like Amazon Web Services(AWS) offer MFA options that are integrated with their API services.
Hi! My current pet project: Read-only 100% offline secure multi-user container in a single HTML file that requires no external software to extract secrets:
https://github.com/griffin-container/griffin
One note on MFA in the cloud is that it's not just for users to login - you can also mandate mfa auth for API operations
How does MFA apply to API operations considering the "Something that you have" criteria?
In the context of API operations, the "something that you have", criteria of MFA would be how users are requested to possess a valid API key or token asides from their username and passcode.
Some cloud services providers like Amazon Web Services(AWS) offer MFA options that are integrated with their API services.
I hope this helps?
Thanks for the reply! I meant using devices like hardware tokens or phones for MFA, in the context of performing API operations from scripts.
Oh, yes!
MFA could serve as a multi-layered approach for the security of API operations to avoid unauthorised access and data breaches.
Thanks for that brilliant point.