What is Multi-Factor Authentication (MFA)?

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) provides a constructive element of layered security by requiring users to prove their identities using two or more verification methods before they can be authenticated. In this way, if one factor is compromised or broken, the attacker still has at least one more barrier to breach before breaking into the target. Most multi-factor authentication implementations utilize at least two authentication factors. Hence, sometimes it is also referred to as two-factor authentication or 2FA.

How does Multi-Factor Authentication work?

Multi-Factor Authentication (MFA) is the process whereby multiple technologies are used to authenticate the user's identity. In contrast, single factor authentication (or simply “authentication”) uses a single technology to prove the user’s authenticity. With Multi-factor authentication, users must combine verification technologies from at least three different groups or authentication factors.

Authentication Factors

Something you know. This is usually a password, PIN, passphrase or questions and their corresponding answers. In order to satisfy this technology, the user must enter information that the backend can then match against that which has been previously setup or stored. 

Something you have. Before the advent of smartphones, users would carry around tokens or smartcards. These devices would generate a one-time passcode (OTP) that could then be typed or entered into the backend system. Today, most users leverage their smartphone with authenticator app as the device that generates these codes or allows them to respond back to a server with a one-time passcode behind the scenes.

Something you are. This is anything from fingerprints, retina scans, facial recognition, voice recognition, or a user’s behavior (such as how hard or fast they type or swipe on a screen) that can be used to identify a unique user. 

To achieve multi-factor authentication, at least two different technologies from at least two different technology groups must be used for authentication process. As a result, using a PIN coupled with a password would not be considered multi-factor authentication, while using a PIN with facial recognition as a second factor would be. It is also acceptable to use more than two forms of authentication. However, most users increasingly want frictionless authentication (the ability to be verified without the need to perform verification).

What are the types of multi-factor authentication technologies?

Hardware tokens: Small, easy-to-use hardware devices that an owner carries with them to authorize access to a network service. Supporting strong authentication with one-time passwords (OTPs), these hardware tokens provide the possession factor for multi-factor authentication while enabling enhanced security for banks and application providers who need to secure multiple applications with a single device.

Soft tokens: Software or “app-based tokens” generate a one-time use login PIN. Often these tokens are used for multi-factor authentication in which the device – in this case a smartphone – provides the possession factor. 

Mobile authentication: Mobile authentication is process of verifying a user via their phone or verifying the device itself, allowing users to log into secure locations and resources from anywhere with enhanced security.

Biometric authentication: This includes leveraging a fingerprint scan or face recognition to accurately and securely authenticate users, even on mobile devices as well as behavioral authentication which provides an invisible layer of security that continuously authenticates end users by the unique ways they interact with their computer or mobile device via keystroke, swipe pattern, mouse movement and more.

Why do I need Multi-Factor Authentication?

Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. Accordingly, properly designed and implemented multi-factor authentication methods are more reliable and a stronger deterrent for cyber criminals than outdated single-factor username/password user authentication, which are harder to defend against security breaches, compromising data security. These data breaches could potentially result in serious damage to the consumer or organization with lost / stolen data, identity theft and phishing attacks etc.

Multi-factor authentication requires users to prove their identities using two or more verification methods before they can be authenticated. In this way, if one factor is compromised, the attacker still has at least one more barrier to breach before breaking into the target.

Where can I use MFA?

Multi-factor authentication should be used when accessing any sensitive data. For example: 

  • When you access your bank account at an ATM, you use MFA by having something you know, (the PIN), and something you have, (the ATM Card). 
  • When you visit your Facebook, Google or Microsoft account from a new location or device, you use multi-factor authentication by having something you know, (the password), and something you have, (your mobile phone that receives the notification you must approve before allowing you to login). 
  • When you use your mobile phone, you use multi-factor authentication by something you have, (the phone), and something you are, (your fingerprint or facial scan), or other biometric technology available on the device. 

Good multi-factor authentication (MFA) allows you to be secure and the ability to do so seamlessly when accessing the features and functions of a service provider.

How do I get started with Multi-Factor Authentication?

OneSpan Sign’s multi-factor authentication solutions have been designed from the ground up to safeguard accounts and transactions by offering two or three factors of security, while meeting user demand for a simple sign-in process. OneSpan has invested considerable time and resources to create easy-to-use, scalable, and reliable solutions that deliver strong authentication using a range of easy verification options — such as color QR codes and Bluetooth.