What is Multi-factor Authentication?
Most, if not all, of us have probably come across a device, application, or account that required us to input two or more pieces of information in order to access our account or complete a transaction. Providing multiple pieces of information is called multi-factor authentication (MFA). MFA is a mechanism or process that provides added layers of security.
With MFA in place, a user must prove their identity in order to access something, and what they need to show as proof should (reasonably speaking) be known only to the authorized person. A subset of MFA that you might have heard of before is called two-step authentication, which requires two factors prior to providing access.
How Does MFA Operate?
Multi-factor Authentication requires a user to input multiple factors in order to log in or proceed with an action. By expecting multiple sources of evidence to prove identity, the system can provide greater assurance that only the legitimate and authorized user is gaining entry. Factors are chosen in such a way that an unauthorized person would not be able to guess the answers to the questions, among other things.
There is not a set number of factors a system has to demand, but the more it requires, the more secure it is. Multi-factor Authentication can use factors that fall in the following possible realms: possession, knowledge, physical characteristic, location, and time. Most of us have come across knowledge factors. A user's password is one: it is a secret that only the user should know. A possession factor is a physical thing the user holds. In this step, a user could be required to use a key, fob, or other physical device to prove their identity.
A third kind of factor is inherence, or physical characteristics. For example, a user may need to scan their retina in order to gain access. Other factors include being in a certain physical location and entering at a specific time in order to authenticate user identity. The system can mark user logins from new or abnormal physical locations. A common example of this location factor is when a user signs in to their email from an unfamiliar location and then receives an email warning them of a new sign-in attempt.
If a user fails even one factor or entry point, their access can be denied.
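The check described above, as an added example that is not part of the original article: a Python sketch that verifies a knowledge factor (password), a possession factor (a time-based one-time code, RFC 6238) and a time-of-day factor, denies access if any one fails, and marks a sign-in from a new location. The account record, its field names, the allowed hours and the country codes are constructed for illustration.

```python
import hashlib, hmac, struct, time

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code a fob or phone app displays."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored knowledge factor is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account record (all values are made up for this example).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",  # shared with the user's device
    "known_locations": {"DE"},               # countries seen on earlier logins
    "allowed_hours": range(7, 20),           # 07:00-19:59 UTC
}

def authenticate(user, password, code, country, now):
    """Return (granted, failed_factors, alerts); a single failed factor denies access."""
    failed, alerts = [], []
    # Knowledge: compare hashes in constant time.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        failed.append("knowledge")
    # Possession: accept the current and previous 30 s step to tolerate clock drift.
    valid = [totp(user["totp_secret"], now - drift) for drift in (0, 30)]
    if not any(hmac.compare_digest(code.encode(), v.encode()) for v in valid):
        failed.append("possession")
    # Time: the login must fall inside the account's allowed hours.
    if time.gmtime(now).tm_hour not in user["allowed_hours"]:
        failed.append("time")
    # Location: mark a new location for a warning e-mail rather than blocking it.
    if country not in user["known_locations"]:
        alerts.append(f"new sign-in location: {country}")
    return (not failed, failed, alerts)
```
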
Benefits of Implementing MFA
MFA’s ultimate goal is to secure a device or application. Only authorized users should (ideally) be gaining access to things like secure databases, thereby keeping data, like personal information, as protected as possible. While cybercrime has become more and more sophisticated, using Multi-factor Authentication can thwart possible attacks.
If entry into a device requires the authorized user’s password, code sent to their phone, fingerprint scan, and physical location, it becomes very unlikely that an unauthorized attacker could imitate the aforementioned factors. As a result, the possibility of identity theft could decrease. However, some forms of cyberattacks could still penetrate MFA. A phishing attack that reveals a user’s passwords can make it easier to get past MFA systems.
Implementing a Multi-factor Authentication system can prove intricate and complicated, but that shouldn't deter a business or organization. While some factors could be more difficult to implement (such as the constant possession of a physical token), there are systems that can prove very useful. We encourage you to reach out to us if you have any questions about MFA's security benefits and potential disadvantages.