
Multifactor Authentication (MFA)

What Is Multifactor Authentication (MFA)?

Multifactor authentication (MFA) is a security measure that adds one or more layers of protection in case a user's primary method of authentication is compromised. To verify the identity of a user, MFA requires more than one piece of evidence. For example, instead of just requiring a password, many MFA logins require a device confirmation as well. If cybercriminals acquire user passwords, MFA can help provide extra protection against account infiltration.

How Does Multifactor Authentication Work?

Multifactor authentication works by requiring two or more steps before a user is able to access their account. The specifics of how MFA works will depend on the types and methods of authentication used, but the general steps remain the same:

  • A user attempts to log in
  • The system asks for proof of identity using two or more pieces of evidence
  • The user provides this evidence
  • The system grants access

A common MFA method combines a password login with a push notification sent to the user's device for a second layer of confirmation.

What Are the Benefits of Multifactor Authentication?

Reduced Risk of Data Breach

While nothing will protect you 100% against a data breach, every additional security method you add to your toolbox will make it that much more difficult for a cybercriminal to infiltrate, and that much harder for data breaches to occur in the first place. MFA is an easy-to-implement security measure that will decrease the likelihood of data breaches.

Improved Security

Reducing the risk of data breaches also means you are boosting the overall security of your systems by making it harder for attackers to get in. Many regulations call for improved security measures, including HIPAA and PCI DSS, and some specifically require MFA, so adding it will also fulfill certain compliance standards.

Better User Experience

Even though MFA requires an extra step or two to verify an account, it can actually mean a better user experience. Many MFA systems will ask users to verify with their device or through biometric logins, making them less reliant on memorizing passwords.

Different Types of Multifactor Authentication

In a basic sense, MFA can be divided into three types: something you have, something you know, and something you are.

Something You Have

Users may have a physical key that connects to their device and allows them access to their account. This may also be a digital key provided by a mobile app that generates one-time passwords.

Something You Know

This is usually a PIN or a password. For example, someone might be asked to input a password and then a second unlock passphrase or PIN.

Something You Are

Authentication can also attach to part of who you are via biometric identification, including fingerprints, iris identification, or facial recognition.

Multifactor Authentication Methods

The following are common multifactor authentication methods. Many of these methods are used in combination for added security and user-friendliness.

Security Keys

Security keys are physical devices that generate one-time passwords. Available keys include the Google Titan Security Key, Nitrokey, YubiKey, and HID Crescendo Key.

One-Time Passwords

Mobile apps and hardware tokens can generate one-time passwords for users to enter after providing an initial level of authentication. They may be delivered via app, push notifications, security keys, or SMS.

Biometric Authentication

Physical characteristics are used in biometric authentication, such as fingerprints and facial recognition. Voice can also be used. This is a popular form of MFA on mobile devices. Some laptops and desktops also have fingerprint scanners.

SMS

MFA via SMS works by sending the user a text message after their initial login with a code they can type in to gain access. Because SMS can be intercepted by attackers, it is considered less secure than other methods.

Push Notifications

Push notifications work similarly to SMS: an app pushes a verification request to the user's device, asking them to confirm the login.

What Is MFA in Cloud Computing?

Cloud-based resources - servers, applications, and databases - can be better protected by adding MFA. When you're deciding which methods and types to implement, you want to balance the ease of use and likelihood of adoption by team members with the level of security each method and type provides. The more users set up and use MFA, the more protected your organization will be.

How TierPoint Can Help With Multifactor Authentication

Secure and streamlined logins are beneficial for the security of apps and users, as well as the total user experience. TierPoint offers CleanIP Managed Multifactor Authentication Solutions that allow organizations to leverage a single managed solution, instead of worrying about managing disparate logins. When you can verify user identities across your systems, the experience is easier and more secure for everyone involved.
