
Multi-Factor Authentication (MFA) - Everything You Should Know

Multi-Factor Authentication

By Bianca Evans. Published 2 years ago. 3 min read.

Multi-factor authentication (MFA) is a security technology that requires multiple authentication methods from independent categories of credentials to verify a user's identity for a login or other transaction. Multi-factor authentication combines two or more separate credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, established through biometric verification methods.

The goal of multi-factor authentication solutions is to create a layered defense that makes it difficult for an unauthorized person to gain access to a target, such as a physical location, computing device, network, or database. If one factor is compromised or broken, the attacker still has at least one more barrier to break before successfully entering the target.

In the past, MFA systems were generally based on two-factor authentication (2FA). Increasingly, vendors are using the multi-factor tag to describe any authentication scheme that requires two or more identity credentials to lessen the chance of a cyber attack.

Why is multi-factor authentication important?

One of the biggest shortcomings of traditional user ID and password logins is that passwords can be easily compromised, which can cost organizations millions of dollars. Brute force attacks are also a real threat, as criminals can use automated password cracking tools to guess various combinations of usernames and passwords until they find the correct sequence. Although locking an account after a certain number of failed login attempts can help protect an organization, hackers have many other methods of gaining access to the system. This is why multi-factor authentication is so important, as it can help reduce security risks.

MFA authentication methods

An authentication factor is a category of credential used for identity verification. For MFA, each additional factor is intended to increase the assurance that an entity engaged in some type of communication or requesting access to a system is who it claims to be (or what it claims to be). Using multiple forms of authentication can help make a hacker's job more difficult.

The three most common categories, or authentication factors, are often described as something you know (the knowledge factor), something you have (the possession factor), and something you are (the inherence factor). MFA works by combining two or more factors from these categories.

Knowledge factor - Knowledge-based authentication typically requires the user to answer a personal security question. Knowledge factor technologies typically include passwords, four-digit personal identification numbers (PINs), and one-time passwords (OTPs).

Possession factor - Users must have something specific in their possession to log in, such as a badge, token, keychain, or phone subscriber identity module (SIM) card. For mobile authentication, a smartphone often provides the possession factor in conjunction with an OTP application.

Possession factor technologies include the following:

Security tokens are small hardware devices that store a user's personal information and are used to electronically authenticate that person's identity. The device can be a smart card, a chip embedded in an object such as a Universal Serial Bus (USB) drive, or a wireless tag.

A software-based security token application generates a one-time login PIN. Soft tokens are often used for mobile multi-factor authentication, where the device itself, such as a smartphone, provides the possession factor.

Typical possession factor user scenarios include the following:

  • mobile authentication, where users receive a code via their smartphone to gain or grant access. Variations include text messages and phone calls sent to a user as an out-of-band method, smartphone OTP apps, SIM cards, and smart cards with stored authentication data; and
  • attaching a USB hardware token to a desktop that generates an OTP, and using it to log in to a VPN client.

Inherence factor - Any biological trait of the user that is confirmed at login. Inherence factor technologies include the following biometric verification methods:

  • retinal or iris scan
  • fingerprint scan
  • voice authentication
  • hand geometry
  • digital signature scanners
  • facial recognition

The components of the biometric device include a reader, a database, and software to convert the scanned biometric data into a standardized digital format and compare the match points of the observed data with the stored data. Iris recognition, or iris scanning, is the process of using visible and near-infrared light to take a high-contrast photograph of a person's iris. It is a form of biometric technology in the same category as face recognition and fingerprinting.

Multi-factor authentication vs. two-factor authentication

When authentication strategies were first introduced, the intention was to tighten security, but also keep it as simple as possible. Users were asked to provide only two forms of security keys that would inform a system that they were authentic and authorized users. Common forms of 2FA were user ID and password or bank card and ATM PIN.


Comments (1)

  • Denny Luyis, 2 years ago

    RADIUS two factor authentication https://www.protectimus.com/radius/ adds a second layer of authentication to an application, requiring users to generate temporary one-time codes to access an application. These codes can be generated by an authentication app on a smartphone or a special hardware device. The two-factor authentication software can also be used for managing profiles, ensuring that only authorized users can make changes to accounts.
