What is MFA?
MFA is a security feature that requires your staff to provide two or more credentials to authenticate their identity. These credentials can be passwords, hardware tokens, numerical codes, biometrics, time, and location.
Passwords are easily compromised especially WEAK passwords. Employees who use multi-factor immediately increase their account security.
Any of the above credential examples are technically MFA, although most implementations leverage two factors, which is why it is also known as two-factor authentication (2FA). By leveraging multiple credentials instead of one, the authentication process will remain secure even if one of the authentication factors is compromised.
What are Authentication Factors?
Authentication factors are methods used to validate your identity. Authentication factor categories are as follows:
- Knowledge: Something that the user knows, such as their core username and password.
- Possession: Something that the user has, such as a smartphone or hardware token.
- Inherence: Something that is inherent to the physical user, such as a fingerprint or retina.
- Location: Denoted by the physical location of the user.
- Time: A time-based window of opportunity for the user to authenticate.
Of course, some of these categories are more convenient than others, which is why IT administrators often opt for time-based one-time password (TOTP) generators like the Google or Microsoft Authenticatorâ„¢ app. Fortunately, any one of them can enhance your IT security posture.
How Does MFA Work?
It is important to clarify that there are two types of MFA:
- Device: An authentication process that implements MFA directly at the point of login to a system.
- Application: An authentication process that implements MFA upon attempting to gain access to one or more applications.
MFA works in roughly the same manner for both types. As the user attempts to gain access to a particular resource, they are challenged to input multiple authentication factors, rather than just one.
The user credentials are then verified by a core identity provider (IdP) or directory services platform. Once authenticated, the user gains access to the requested resource.