What Is Multi-Factor Authentication (MFA)?
Every time we share sensitive data online, such as passwords, banking details, or a home address, we put that information at risk. Any account protected by a password alone can be taken over once that password leaks, so it is worth adding a second layer of protection with Multi-Factor Authentication (MFA).
Multi-factor authentication gives a service stronger evidence that the person logging in is who they claim to be, and it blocks access by someone who holds only a stolen password. This article takes a closer look at MFA, its methods, its pros and cons, and when it is worth using.
Table of Contents
- What Is Multi-Factor Authentication (MFA)? Meaning & Definition
- Why Is MFA Important?
- How Does Multi-Factor Authentication Work?
- Multi-Factor Authentication Methods
- What You Know (Knowledge)
- What You Have (Possession)
- What You Are (Inherence)
- Types of Multi-Factor Authentication
- SMS Token Authentication
- Email Token Authentication
- Hardware Token Authentication
- Software Token Authentication
- Phone Authentication
- Biometric Verification
- How Secure Is Multi-Factor Authentication?
- MFA Examples
- What's the Difference Between MFA and Two-Factor Authentication (2FA)?
- Is MFA More Secure Than 2FA?
- What Are the Pros and Cons of Multi-Factor Authentication?
- Pros of Using Multi-Factor Authentication
- Cons of Using Multi-Factor Authentication
- Is It Worth It to Use MFA?
- What does multi-factor authentication mean?
- What is the purpose of MFA?
- What is the difference between two-factor and multi-factor authentication?
- Is MFA required?
- How effective is MFA?
What Is Multi-Factor Authentication (MFA)? Meaning & Definition
Multi-factor authentication is an authentication method that requires the user to present two or more independent proofs of identity (factors) before they can access private information or log into an account. Access is granted only after every required factor has been verified.
You have probably already used it in one of these forms:
- Logged into an online bank by entering the digits you got via SMS;
- Swiped a bank card at the ATM and entered your PIN.
A username and password on their own are a weak credential: passwords are guessed by brute force, reused across sites, and leaked in breaches or captured by phishing. MFA raises the bar by requiring the user to prove something in addition to the password, for example possession of a registered phone or hardware token, or a biometric trait. If an attacker obtains the password, they still cannot log in without that second factor. Note that a phone number or email address is not itself a factor; it is a channel through which a one-time code is delivered, and the code is what demonstrates possession of the device or mailbox.
MFA can combine any number of factors, but the most common form is two-factor authentication (2FA). Many systems also use step-up authentication: a routine login may require only a password plus one second factor, while access to more sensitive data (for example medical or financial records) or a login that looks suspicious (a new device, an unusual location, a run of failed attempts) triggers an additional factor before access is granted.
Why Is MFA Important?
While some see the extra step as a minor inconvenience or too time-consuming to set up, the long-term gain in security is considerable. Microsoft reported that roughly 1.2 million of its accounts were compromised in January 2020 alone, and that the overwhelming majority of those accounts did not have MFA enabled. None of us would want to be among them.
How Does Multi-Factor Authentication Work?
MFA is commonly enforced at two points:
- MFA for applications: the check runs when a user attempts to access one or more applications (often through a single sign-on portal);
- MFA for devices: the check runs at the point of login to the device itself (phone, laptop, or server).
The mechanism is the same in both cases. When a user tries to access a protected resource, they must complete two or more authentication steps. The identity provider (IdP) or the application's own authentication service validates each factor, and only if all of them pass is access granted.
One of the most common second factors is a one-time code delivered to a phone. The user enters their username and password, and the service then sends a unique code by text message to the registered number; entering that code demonstrates possession of the phone (more precisely, of the SIM or phone number) that was enrolled for this purpose. SMS is the easiest option to roll out, but it is also the weakest possession factor: codes can be diverted by SIM-swap fraud or relayed in real time through a phishing page.
MFA can combine any number of factors and delivery methods, which we'll look at next.
Multi-Factor Authentication Methods
An authentication factor is a category of evidence a user can present to prove their identity. Factors can be combined in various numbers and combinations, depending on the level of protection required. The main categories are described below.
What You Know (Knowledge)
A knowledge factor is something the user knows or remembers, such as a password or PIN. Security questions (e.g., the name of a first pet) are another common example, but a weak one: attackers can often discover such personal details through phishing, social media, or public records, and a security question added on top of a password is still only a single category of evidence, not a second factor.
What You Have (Possession)
It is far less likely that an attacker has stolen both a user's password and their smartphone at the same time. A possession factor is therefore something the user physically holds, and the user proves they hold it by presenting something only that object can produce: a one-time code delivered to or generated on a smartphone, a code displayed by a hardware token, or a cryptographic response from a security key or smart card.
Depending on the item used, the verification step differs: entering a code from a text message or authenticator app, approving a push notification, tapping a security key, or inserting a card (as at an ATM).
What You Are (Inherence)
The inherence factor, also known as a biometric identifier, is something intrinsic to the user, such as a fingerprint, a retina pattern, or a voice. Systems can also use:
- Iris scans;
- Hand and earlobe geometry;
- Facial recognition.
Biometrics are convenient and hard to share or forget, but they are not a complete answer on their own. A biometric cannot be changed if a stored template leaks, and on most consumer devices the biometric is checked locally to unlock a stored credential rather than being sent to the server. Treat it as a strong factor to combine with others, not as a replacement for them.
Types of Multi-Factor Authentication
When a person shops online or pays for a service, they typically present two or three factors to complete the transaction: a text-message code from the bank, the PIN of their card, and so on. There are many more options, listed below.
SMS Token Authentication
SMS codes are the simplest option to deploy and can be used by almost any business. After entering a username and password, the user receives a one-time password (OTP), usually a short numeric code, by text message and enters it on the next page or screen as the second factor. The convenience comes at a cost: SMS delivery is vulnerable to SIM swapping and number porting, and the code can be phished in real time, so it should be treated as the baseline rather than the goal.
Email Token Authentication
This method is similar to SMS codes, except that the code is sent by email. It is one of the most common forms of MFA and is a useful fallback if the user's phone is lost, stolen, or otherwise inaccessible. Its weakness is that the mailbox is usually also where password resets are delivered, so an attacker who controls the email account defeats both the password and this factor at once.
Hardware Token Authentication
Whereas the methods above deliver a code over a network, a hardware token is a physical object. It is considered one of the most secure forms of MFA, but it is also more expensive.
Hardware tokens are a good choice for protecting banking, insurance, financial, and investment accounts. Some display a rotating code that the user types in; others are plugged into a USB port or tapped against an NFC reader, and respond to the service's challenge with a cryptographic signature that cannot be replayed or phished, because the response is bound to the legitimate site.
The main drawback is that the user has to keep track of the token. If it is lost or left at home, they cannot log in, so a backup token or recovery method should be enrolled at the same time.
Software Token Authentication
With an authenticator application installed on the user's phone or tablet, the device itself becomes the token, generating one-time codes locally from a secret shared at enrollment (typically time-based codes following the TOTP standard) or receiving push notifications to approve. This removes the need to carry a separate device and offers a level of security well above SMS. It is not quite equivalent to a dedicated hardware key, though: the secret now lives on a general-purpose device that can be compromised by malware, and a code typed into a phishing page is still accepted by the real site.
Phone Authentication
Phone authentication covers the SMS codes described above and automated voice calls. In the call variant, the user answers the phone and confirms the login, typically by pressing a key or reading back a code; sometimes the call asks for additional details to confirm identity. Voice calls share the weaknesses of SMS, since both depend on control of the phone number.
Biometric Verification
Biometric verification ranges from fingerprint recognition to facial recognition. Users with modern phones or computers can take advantage of the built-in sensors to strengthen their logins. A biometric check is generally less of a hassle than typing a one-time password and can make MFA faster and easier.
How Secure Is Multi-Factor Authentication?
No security control guarantees 100% protection against account takeover and data leakage, but MFA sharply reduces the probability. It is not always convenient, but it almost always makes access to important sites safer.
It is preferable to enable multi-factor authentication on any site that stores the user's private data (social networks, email, online banking, etc.), even when the service does not require it. For critical data, hardware tokens or biometric methods are preferable to one-time SMS codes or secret questions. The factors a system can draw on fall into these categories:
- Knowledge: something that only the user knows, such as their password or a unique PIN code;
- Possession: something that only the user has, such as a smartphone, hardware token, or flash drive;
- Inherence: something the user is, such as a fingerprint, voice, or retina pattern;
- Time: a time window during which the login is permitted, such as a scheduled system access window;
- Location: the physical or network location of the user, such as the office, home, or another place from which access is allowed.
The last two are contextual signals rather than proofs of identity; they are useful for deciding when to require a stronger factor, but a login that relies on them alone is not multi-factor authentication.
What's the Difference Between MFA and Two-Factor Authentication (2FA)?
Two-Factor Authentication (2FA) is a two-step verification process that checks exactly two different categories of evidence. In addition to a username and password, the system asks for a unique code sent by SMS or email, or generated by an app or token, to provide the second layer of security.
Multi-factor authentication, by contrast, uses two, three, or more factors. The factors must belong to independent categories: a password plus a security question is still only one factor (both are knowledge), and compromising one factor must not give the attacker the others.
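The independence rule above is the check that matters when an organisation claims a login flow is "multi-factor". As an added example (not code from the original article), the small policy evaluator below maps a hypothetical catalogue of credential types to the factor category each one actually proves and reports whether a presented set spans enough distinct categories. The credential names and the catalogue are assumptions made for illustration; a real system would derive them from its authentication configuration.

```python
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "something you know"
    POSSESSION = "something you have"
    INHERENCE = "something you are"


# Hypothetical catalogue of credential types a login flow might present,
# mapped to the category of evidence each one actually proves.
CREDENTIAL_CATEGORY = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "sms_otp": Factor.POSSESSION,       # proves control of the phone number
    "email_otp": Factor.POSSESSION,     # proves control of the mailbox
    "totp_app": Factor.POSSESSION,      # proves possession of the enrolled device
    "hardware_token": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
}


def distinct_factors(credentials: list[str]) -> set[Factor]:
    """Return the set of factor categories covered by the credentials,
    refusing unknown credential types rather than silently ignoring them."""
    unknown = [c for c in credentials if c not in CREDENTIAL_CATEGORY]
    if unknown:
        raise ValueError(f"unrecognised credential type(s): {unknown}")
    return {CREDENTIAL_CATEGORY[c] for c in credentials}


def is_mfa(credentials: list[str], required_factors: int = 2) -> bool:
    """True only if the presented credentials span at least
    `required_factors` independent categories. Two credentials from the
    same category (password + security question, or SMS code + app code)
    count as a single factor, however many steps the user went through."""
    return len(distinct_factors(credentials)) >= required_factors


if __name__ == "__main__":
    for flow in (["password", "security_question"],
                 ["password", "totp_app"],
                 ["sms_otp", "totp_app"],
                 ["password", "hardware_token", "fingerprint"]):
        print(flow, "->", "MFA" if is_mfa(flow) else "single factor")
```

The evaluator makes the distinction in the text concrete: more prompts do not mean more factors. A flow that asks for a password and then a security question, or an SMS code and then an app code, looks like two steps to the user but offers an attacker who has compromised one category nothing further to overcome.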
Is MFA More Secure Than 2FA?
Relying on 2FA is clearly more secure than using passwords alone, but 2FA built on SMS codes or security questions is not strong enough for a modern organisation. What matters more than the raw count of factors is their quality and independence: a password plus a phishing-resistant hardware key protects better than a password, a security question, and an SMS code combined. Where the data to be protected is of the highest value, a hardware token should be used alongside the other methods.
What Are the Pros and Cons of Multi-Factor Authentication?
Sensitive information stored online, whether on a company's own systems or in the cloud, is under constant attack. The growing use of multi-factor authentication is making life easier for companies and ordinary users alike and greatly strengthens protection against credential-based attacks. Still, some organisations hesitate to adopt MFA because it has its downsides, so let's look at both sides.
Pros of Using Multi-Factor Authentication
Nowadays, users expect multi-factor authentication to be offered as part of any account setup, and it is increasingly treated as a fundamental element of security. Some of its benefits:
- MFA provides a much higher level of security than a username and password alone, and stronger forms of MFA (hardware keys, authenticator apps) improve on basic SMS-based 2FA;
- MFA integrates with single sign-on (SSO) software, so users authenticate strongly once and then reach many applications with a simpler and more secure login process;
- MFA limits the damage of a stolen or guessed password regardless of whether it leaked through an external breach, phishing, or an insider.
Cons of Using Multi-Factor Authentication
The approach also has disadvantages, which weigh heavily for some companies:
- Additional hardware and software may be needed: tokens, readers, an authentication server or service, and storage for enrollment data;
- Logging in takes extra steps, which users sometimes lack the time or patience for, and the organisation must handle lost devices and account recovery;
- The cost of implementing such a system can be significant, and the rollout across all users and applications can take a long time.
Is It Worth It to Use MFA?
In practice, security depends on what users are willing to do. Someone prepared to spend a few extra seconds presenting a second factor loses a little time each day but is far better protected in the long run. Strong, unique passwords (ideally generated and stored by a password manager) remain essential; MFA complements them rather than replacing them.
Traditional usernames and passwords are often not enough on their own to keep unwanted parties out of a user's data. Attackers break into databases and harvest credentials, and the resulting breaches have eroded confidence in password-only protection.
In such cases, multi-factor authentication is the most effective way to ensure that a stolen password alone does not give access to user data. Offering MFA also signals to customers that a company takes their security seriously.
In the end, the use of MFA is justified and pays off in most cases. If the data to be protected is of the highest value and importance, MFA should be used without exception, and a hardware token should be used alongside the other methods.
For an ordinary forum or a social network account that holds none of the user's personal information, a strong password and basic 2FA will usually be enough.
Now let us answer some of the most popular questions regarding MFA.
What does multi-factor authentication mean?
Multi-factor authentication, also known as MFA, means that several independent credentials are needed to access IT resources such as applications, systems, files, or networks. A username and password alone are vulnerable to brute-force guessing, reuse across sites, phishing, and database breaches; requiring an additional factor makes a stolen password insufficient on its own.
What is the purpose of MFA?
MFA increases system security by requiring authorized users to present multiple credentials. If an attacker compromises a user's password, they still cannot log in until they also provide the second credential, such as a code generated on the user's enrolled device or a response from a hardware token. In other words, MFA adds one or more independent factors on top of the username and password.
What is the difference between two-factor and multi-factor authentication?
2FA is a subset of MFA. With two-factor authentication the user must provide exactly two credentials from different categories, typically a password and a one-time code or cryptographic response from a second device. MFA is the general term for two or more such factors.
Is MFA required?
There is no universal legal requirement, but it is no longer optional in many contexts: industry standards and regulations for payment-card, healthcare, and government systems mandate MFA for certain types of access, and cyber insurers increasingly require it. Wherever MFA is available, it is worth using, especially for the most sensitive accounts: financial accounts, medical records, and the primary email address that receives password resets for everything else.
How effective is MFA?
A 100% security guarantee is not achievable. Consistently applying basic protections, however, defeats the large majority of account-takeover attempts, which rely on passwords that were guessed, reused, or stolen. MFA is excellent in this regard: the probability of account compromise is far lower than with a regular login and password, and it is lowest with phishing-resistant methods such as hardware security keys.