ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nexus: fix conflicts and sync local changes

Browse Source
This commit is contained in:
Shen Wei
2026-04-26 12:06:50 +08:00
parent 191797c01b
commit f09834b5a5
2443 changed files with 254323 additions and 255154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
wiki/concepts/Multi-factor-Authentication.md
View File

@@ -1,62 +1,62 @@
---
title: "Multi-factor Authentication (MFA)"
type: concept
tags: [cloud-computing, security, identity]
date: 2025-03-02
---
# Multi-factor Authentication (MFA)
**MFA**(多因素认证)是云安全的基础机制,通过验证两个或多个独立身份凭证来确认用户身份,防止未经授权的访问。
## Definition
多因素认证要求用户提供两种或以上的身份验证因素:
1. **知识因素**Something you know密码、PIN
2. **持有因素**Something you have手机、硬件令牌
3. **固有因素**Something you are指纹、面部识别
## MFA Methods
| Method | Type | Security Level |
|--------|------|---------------|
| **SMS OTP** | 持有因素 | 中 |
| **TOTP** (Google Authenticator, Authy) | 持有因素 | 高 |
| **Hardware Token** (YubiKey) | 持有因素 | 极高 |
| **Biometrics** | 固有因素 | 高 |
| **Push Notification** | 持有因素 | 高 |
| **Adaptive/ Risk-based MFA** | 组合 | 极高 |
## Cloud Provider Support
| Provider | MFA Support |
|----------|------------|
| **AWS** | MFA via IAM, supports hardware tokens, virtual MFA, SMS |
| **Azure** | Azure AD MFA, Conditional Access, passwordless (FIDO2) |
| **Google Cloud** | 2FA, Security Keys, Google Prompt |
## Cloud Myths Context
MFA 是反驳"云不安全"误解的核心机制之一:
- 云平台强制或推荐 MFA显著降低账户被盗风险
- 云 MFA 实现比大多数本地系统更先进(自适应、条件访问)
- 云服务商的 MFA 通常免费或低成本提供
## Best Practices
- **强制 MFA**:对所有用户强制启用 MFA
- **优先无密码**FIDO2/WebAuthn 优于传统 OTP
- **条件访问**:高风险操作触发额外验证
- **保护特权账户**Admin 账户必须使用硬件令牌
- **账户恢复**:安全的 MFA 恢复机制
## Related Concepts
- [[cloud-security]] — 云安全
- [[Identity-and-Access-Management]] — 身份与访问管理
- [[Zero-Trust]] — 零信任
- [[cloud-computing]] — 云计算
## Sources
- [[The Myths and Misconceptions About Cloud Computing (LinkedIn)|sources/the-myths-and-misconceptions-about-cloud-computing-linkedin]]
---
title: "Multi-factor Authentication (MFA)"
type: concept
tags: [cloud-computing, security, identity]
date: 2025-03-02
---
# Multi-factor Authentication (MFA)
**MFA**(多因素认证)是云安全的基础机制,通过验证两个或多个独立身份凭证来确认用户身份,防止未经授权的访问。
## Definition
多因素认证要求用户提供两种或以上的身份验证因素:
1. **知识因素**Something you know密码、PIN
2. **持有因素**Something you have手机、硬件令牌
3. **固有因素**Something you are指纹、面部识别
## MFA Methods
| Method | Type | Security Level |
|--------|------|---------------|
| **SMS OTP** | 持有因素 | 中 |
| **TOTP** (Google Authenticator, Authy) | 持有因素 | 高 |
| **Hardware Token** (YubiKey) | 持有因素 | 极高 |
| **Biometrics** | 固有因素 | 高 |
| **Push Notification** | 持有因素 | 高 |
| **Adaptive/ Risk-based MFA** | 组合 | 极高 |
## Cloud Provider Support
| Provider | MFA Support |
|----------|------------|
| **AWS** | MFA via IAM, supports hardware tokens, virtual MFA, SMS |
| **Azure** | Azure AD MFA, Conditional Access, passwordless (FIDO2) |
| **Google Cloud** | 2FA, Security Keys, Google Prompt |
## Cloud Myths Context
MFA 是反驳"云不安全"误解的核心机制之一:
- 云平台强制或推荐 MFA显著降低账户被盗风险
- 云 MFA 实现比大多数本地系统更先进(自适应、条件访问)
- 云服务商的 MFA 通常免费或低成本提供
## Best Practices
- **强制 MFA**:对所有用户强制启用 MFA
- **优先无密码**FIDO2/WebAuthn 优于传统 OTP
- **条件访问**:高风险操作触发额外验证
- **保护特权账户**Admin 账户必须使用硬件令牌
- **账户恢复**:安全的 MFA 恢复机制
## Related Concepts
- [[cloud-security]] — 云安全
- [[Identity-and-Access-Management]] — 身份与访问管理
- [[Zero-Trust]] — 零信任
- [[cloud-computing]] — 云计算
## Sources
- [[The Myths and Misconceptions About Cloud Computing (LinkedIn)|sources/the-myths-and-misconceptions-about-cloud-computing-linkedin]]