Everything you need to know about multi-factor authentication

Nowadays, there are constant reports of compromised user accounts and stolen records online. User account protection is an ever-growing concern for many institutions. Part of the problem is that mobility complicates user validation: users can log in to their accounts from anywhere in the world, on any device. Let’s explore multi-factor authentication (MFA) as an effective and dependable user verification solution.

What is multi-factor authentication?

MFA is a multi-layered security system that requires more than one confirmation to identify and verify users for login or other transactions. Multi-factor authentication combines at least two independent sets of credentials (factors) to verify users and grant them privileges.

Basically, in addition to entering the correct username-password combination, the user must also provide an extra security token – a code sent to their phone or email, biometric scan, or answers to security questions. These are the five main authentication factors used in MFA:

  • Knowledge: Something the user knows – for instance, PIN, username-password, unlock pattern, or answers to security questions
  • Possession: Something the user has; it could be a phone, email address, access card, or hardware token
  • Inherence: Something the user is – physical traits such as fingerprints, voice, and facial features proving one’s identity
  • Time: Transactions based on a limited-time window – for instance, one-time passwords and verification actions with a short expiry period
  • Location: Factors based on the user’s geographical location

Common types of MFA

Multi-factor authentication can be implemented in several different ways using any combination of the factors discussed above. For simplicity, most MFA systems use only two factors: possession and knowledge. Here are three popular types of two-factor authentication:

SMS and email token authentication

This is the most common and straightforward type of MFA. Once the user enters the correct username and password, the system sends a one-time password or PIN to their phone or email – sometimes both. The user then keys in the token to complete the authentication.

Software token authentication

The system uses a smartphone, desktop, or web app to generate or deliver soft tokens for the second-factor verification. In this case, the token may be in the form of a PIN, OTP, QR/bar code, or biometric scan.

Hardware token authentication

Hardware tokens rely on dedicated physical devices (dongles) to generate or exchange authentication codes. Various systems use different types of hardware that can verify users through biometric scans or passcodes. Hard tokens are considered the safest form of MFA and are generally used on high-value accounts.

Why use MFA?

In the current cybersecurity climate, passwords alone are simply not enough to secure online accounts. Poor password practices and sophisticated hacking techniques such as brute force, rainbow table, and GPGPU password cracking are to blame for the growing cases of compromised accounts. According to a Verizon report, 80 percent of hacking-related breaches involve the use of stolen credentials or brute force attacks.

An additional access and authorization security layer protects user accounts even when passwords are weak or credentials have been stolen. With MFA, login credentials alone are useless in the wrong hands.

Implementing MFA also has the following perks:

  • Boosts customer trust
  • Helps achieve legal and industrial security compliance
  • Increases security flexibility
  • Saves money

Who offers MFA solutions?

You can add multi-factor authentication to any online user account, whether the feature is built into the host platform or not. Some user-based systems are not built with MFA in mind. However, third-party MFA providers such as Cisco Duo offer robust two-factor authentication solutions applicable to any platform. Duo supports both soft and hard tokens, suited to the security requirements of organizations large and small.

Now is the time to seriously consider multi-factor authentication if your user accounts still rely only on the traditional username-password login. Implementing third-party MFA is relatively inexpensive compared to the problems it solves. The few extra seconds it takes to run a thorough user authentication can end up saving you hundreds of thousands, if not millions.