May 27, 2021
Multi-factor Authentication (MFA) is an authentication method where a user is given access to an application or website after providing two or more verification factors. In addition to using a username and password to gain access to your apps, MFA requires the user successfully present one or more additional verification factors to an authentication mechanism. For example, MFA can be used to secure a user’s email, application, bank account, or a VPN.
Two-Factor Authentication is essentially a subset of MFA. It requires only two factors of authentication rather than MFA, requiring two or more factors. As a subset of MFA, 2FA is often used interchangeably with MFA.
Consider the example below. You wish to purchase Bitcoin on your Binance account. Binance requires that you use MFA to verify your identity prior to processing a transaction. The steps to complete the transaction are as follows:
Step 1: Login to the application – enter your username & password entered at login page
Step 2: Email verification required and sent to user’s email address and entered
Step 3: Authenticator Application PIN required and entered this example of MFA used two of the three main types of MFA authentication methods or factors.
There are three commonly used MFA factors, they are:
The “things you know:, like your password, a secret code or a bank PIN.
These are “things you have” in your possession, like your authenticator application on your phone, a software token or a smart card/fob.
These are “things you are”, like facial recognition, biometrics eye, fingerprint or voice recognition.
Adaptive authentication is another kind of MFA also known as Risk-based Authentication. Integrating AI and machine learning, it considers the risk profile of the user requesting access to the system. For example someone logging into their work computer at a different location than the office would be a higher risk profile. In this case the MFA would recognize they are not in the office and request an additional credential beyond their username and login normally used in their office. This is also an example of Location-basedmulti-factor authentication where the authentication method looks at the user's IP address or geo-location only. On the other hand, Adaptive MFA could also consider the time of day a user is attempting to access the system, the device used, a private connection, so on and so forth.
Multi-factor Authentication makes your company and employees sensitive information significantly less vulnerable to malicious attacks or third party attempts to steal information. According to Microsoft, MFA can prevent "99.9 percent of attacks on your accounts".
81% of breaches are caused by breached or stolen passwords
73% of passwords are duplicates
50% of employees use applications that are not approved by their employer
4,000 ransomware attacks
300,000,000 fraudulent sign-in attempts
167,000,000 malware attacks
A cyber criminal’s full time job is to figure out how to steal sensitive information from individuals and companies. MFA is essentially the first line of defense. A robust identity and access management (IAM) policy along with a data security plan will save your business from financial burden and time-spent on fixing headaches that come from data-breaches.