May 27, 2021
Multi-factor Authentication (MFA) is an authentication method where a user is given access to an application or website after providing two or more verification factors. In addition to using a username and password to gain access to your apps, MFA requires the user to successfully present one or more additional verification factors to an authentication mechanism. For example, MFA can be used to secure a user’s email, application, bank account, or a VPN.
Two-Factor Authentication (2FA) is essentially a subset of MFA. It requires only two factors of authentication, whereas MFA requires two or more factors. As a subset of MFA, 2FA is often used interchangeably with MFA.
Consider the example below. You wish to purchase Bitcoin on your Binance account. Binance requires that you use MFA to verify your identity prior to processing a transaction. The steps to complete the transaction are as follows:
Step 1: Log in to the application – enter your username & password at the login page
Step 2: Email verification required – it is sent to the user’s email address and entered
Step 3: Authenticator application PIN required and entered
This example of MFA used two of the three main types of MFA authentication methods or factors.
There are three commonly used MFA factors:
These are “things you know”, like your password, a secret code or a bank PIN.
These are “things you have” in your possession, like your authenticator application on your phone, a software token or a smart card/fob.
These are “things you are”, like facial recognition, eye biometrics, fingerprint or voice recognition.
Adaptive authentication, also known as Risk-based Authentication, is another kind of MFA. Integrating AI and machine learning, it considers the risk profile of the user requesting access to the system. For example, someone logging into their work computer at a different location than the office would have a higher risk profile. In this case, the MFA would recognize they are not in the office and request an additional credential beyond the username and login they normally use in the office. This is also an example of Location-based multi-factor authentication, where the authentication method looks only at the user's IP address or geo-location. Adaptive MFA, on the other hand, could also consider the time of day a user is attempting to access the system, the device used, whether the connection is private, and so on.
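The step-up decision described above can be sketched as follows. This is an added example, not code from any product mentioned here: a fixed rule-based score stands in for the AI/ML risk model, and the office network range, working hours, weights, thresholds, factor names and device inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical policy values, constructed for this example.
OFFICE_NETWORKS = [ip_network("203.0.113.0/24")]  # documentation range
WORK_HOURS = range(7, 20)                         # 07:00 to 19:59
WEIGHTS = {"off_network": 40, "new_device": 35, "off_hours": 15}
STEP_UP_AT, HIGH_AT = 30, 70

@dataclass
class LoginContext:
    user: str
    source_ip: str
    device_id: str
    when: datetime

def risk_signals(ctx, known_devices):
    """Return the risk signals raised by one login attempt."""
    signals = set()
    try:
        on_net = any(ip_address(ctx.source_ip) in n for n in OFFICE_NETWORKS)
    except ValueError:
        on_net = False  # unparsable address: treat as outside the office
    if not on_net:
        signals.add("off_network")
    if ctx.device_id not in known_devices.get(ctx.user, set()):
        signals.add("new_device")
    if ctx.when.hour not in WORK_HOURS:
        signals.add("off_hours")
    return signals

def required_factors(ctx, known_devices):
    """Map the summed risk score to the factors the user must present."""
    signals = risk_signals(ctx, known_devices)
    score = sum(WEIGHTS[s] for s in signals)
    factors = ["password"]
    if score >= STEP_UP_AT:
        factors.append("authenticator_pin")  # one extra factor
    if score >= HIGH_AT:
        factors.append("email_code")         # two extra factors
    return factors, score, sorted(signals)

KNOWN_DEVICES = {"alice": {"laptop-01"}}  # constructed inventory

if __name__ == "__main__":
    roaming = LoginContext("alice", "198.51.100.7", "laptop-01",
                           datetime(2021, 5, 27, 10, 0))
    print(required_factors(roaming, KNOWN_DEVICES))
```

A purely location-based policy corresponds to keeping only the `off_network` signal; the adaptive variant adds the device and time-of-day signals to the same score.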
Multi-factor Authentication makes your company's and employees' sensitive information significantly less vulnerable to malicious attacks or third-party attempts to steal information. According to Microsoft, MFA can prevent "99.9 percent of attacks on your accounts".
81% of breaches are caused by breached or stolen passwords
73% of passwords are duplicates
50% of employees use applications that are not approved by their employer
4,000 ransomware attacks
300,000,000 fraudulent sign-in attempts
167,000,000 malware attacks
A cyber criminal’s full-time job is to figure out how to steal sensitive information from individuals and companies. MFA is essentially the first line of defense. A robust identity and access management (IAM) policy, along with a data security plan, will save your business from the financial burden and time spent fixing the headaches that come from data breaches.