Across industries, businesses of all sizes are waking up to the fact that there are critical gaps in their cybersecurity strategy. When 80 percent of breaches are still caused by weak, reused, and compromised passwords, businesses need to focus on putting a stronger security foundation in place that corrects poor security hygiene without slowing down employees. When it comes to preventing unauthorized access, one of the most effective technologies a business can invest in is multifactor authentication.
But what is multifactor authentication, and what do you need to know about it if you’re considering it for your business, especially if your organization has limited resources or budget and must be strategic about investing in security solutions?
What is multifactor authentication?
Multifactor authentication, or MFA, was developed to add security checks to the login process. Before being granted access to something, the user is required to submit additional information to verify their identity. By creating more login proof points, you can better prove that someone is who they say they are, while making it much harder for someone else to break through your defenses.
Multifactor authentication protects an account with:
- Something you know: A “knowledge factor” like a password.
- Something you have: A “possession factor” like a phone or security key.
- Something you are: An “inherence factor” like biometrics.
Even if a password is stolen, attackers won’t be able to access an account without all required factors.
Wait, is two-factor authentication the same as MFA?
Two-factor authentication, or 2FA, is a form of MFA. Many people are familiar with 2FA because there are now several popular consumer 2FA apps like Google Authenticator and LastPass Authenticator that integrate with personal services like email, banking, social media, and cryptocurrency. However, 2FA and MFA are not the same.
2FA combines two distinct factors: your password (knowledge) plus either a code generated by an app on a smartphone (possession) or a fingerprint swipe (inherence).
MFA, on the other hand, goes beyond two factors to three or more, like a password, a push notification to a trusted device, and a fingerprint swipe. The best MFA solution offers adaptive authentication that leverages a combination of biometric and contextual factors. An all-in-one solution increases overall security while decreasing the friction of the login experience.
2FA is a great starting point, but a one-size-fits-all authentication approach does not work when users have different behaviors, personal devices, levels of access and attributes.
True MFA is the strongest option: being able to leverage more factors to prove someone’s identity, and to adapt the requirements to different scenarios, means a smoother authentication experience and a significantly reduced risk of successful attacks.
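The following Python example is added here and is not from the original article. It counts distinct factor categories rather than methods, and applies an assumed adaptive rule that asks for a third factor on an unknown device or a sensitive resource. The method names, the LoginContext fields and the thresholds are assumptions made for illustration.

```python
# Added example; method names, context fields and thresholds are assumptions.
from dataclasses import dataclass

# Factor category for each authentication method mentioned in the article.
FACTOR_OF = {
    "password": "knowledge",
    "sms_code": "possession",
    "hardware_token": "possession",
    "software_token": "possession",
    "push_notification": "possession",
    "fingerprint": "inherence",
}

@dataclass
class LoginContext:  # hypothetical contextual signals
    known_device: bool
    sensitive_resource: bool

def required_factors(ctx: LoginContext) -> int:
    """Adaptive rule (assumed): step up to three factors when risk is higher."""
    if ctx.sensitive_resource or not ctx.known_device:
        return 3
    return 2

def distinct_factors(verified_methods) -> set:
    """Categories actually proven; unknown method names are rejected."""
    unknown = set(verified_methods) - set(FACTOR_OF)
    if unknown:
        raise ValueError(f"unknown method(s): {sorted(unknown)}")
    return {FACTOR_OF[m] for m in verified_methods}

def grant_access(verified_methods, ctx: LoginContext) -> bool:
    """Allow the login only if enough *distinct* categories were verified."""
    return len(distinct_factors(verified_methods)) >= required_factors(ctx)

if __name__ == "__main__":
    office = LoginContext(known_device=True, sensitive_resource=False)
    travel = LoginContext(known_device=False, sensitive_resource=True)
    # A stolen password alone never satisfies the policy.
    print(grant_access(["password"], office))
    # Password plus an app-generated code: two categories, enough at the office.
    print(grant_access(["password", "software_token"], office))
    # Three methods, but SMS and push are both possession: still two factors.
    print(grant_access(["password", "sms_code", "push_notification"], travel))
    # Knowledge + possession + inherence meets the stepped-up requirement.
    print(grant_access(["password", "push_notification", "fingerprint"], travel))
```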
What types of multifactor authentication are out there?
Multifactor authentication comes in many forms. The technology has been around for more than a decade, and there are more options to choose from than ever. The rise in personal smartphones and the advancement of mobile technologies (such as the camera and specialized sensors) have had an especially big impact on MFA options. Common methods include:
- SMS text and voice codes
- Hardware tokens
- Software tokens
- Push notifications
Each of these methods has its pros and cons, whether due to usability, cost, or comparative security.
The best authentication platform gives you the ability to choose more than one MFA method, so you can invest in one comprehensive solution while adapting to your business’s unique use cases.