What is Multi-factor Authentication?

Multi-factor authentication, commonly abbreviated as MFA, is a crucial concept in the realm of cybersecurity. The Cybersecurity and Infrastructure Security Agency defines MFA as a layered approach to securing data and applications, necessitating a user to present two or more credentials to verify their identity for login. In essence, MFA is a security measure that requires the user to provide multiple pieces of evidence to authenticate their identity.

For most of us, two-factor authentication (2FA) is a familiar form of MFA. A widely seen example of 2FA is when you log into a system, are prompted to enter a password, and subsequently receive a one-time code to your email as a supplemental security measure. Another everyday example, which often goes unnoticed, is using a debit card. Inserting or swiping the card serves as the initial form of authentication, and entering the PIN provides an additional layer of verification.

Typically, the forms of evidence or ‘factors’ required in MFA fall into three broad categories. The first category, ‘something you know,’ includes credentials like a password or a personal identification number (PIN). The second category, ‘something you have,’ comprises items like a smart card, mobile token, or hardware token. The third category, ‘something you are,’ involves biometric data such as a fingerprint, palm print, or voice recognition.

It’s worth noting that security questions are not considered a separate factor in MFA. They fall within the ‘something you know’ category alongside the password. Moreover, the answers to these questions can often be discovered relatively easily, as demonstrated in the 2013 movie “Now You See Me.”
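As an added illustration (not part of the original post), the Python sketch below audits login flows by counting distinct factor categories rather than the number of credentials, so a password plus a security question is reported as single-factor. The flow names, authenticator labels and the mapping of a debit card to `smart_card` are assumptions made for the example.

```python
from dataclasses import dataclass

# Authenticator -> factor category, using only the examples the article lists.
FACTOR_CATEGORY = {
    "password": "know", "pin": "know", "security_question": "know",
    "smart_card": "have", "mobile_token": "have", "hardware_token": "have",
    "fingerprint": "are", "palm_print": "are", "voice_recognition": "are",
}

@dataclass
class Finding:
    flow: str
    categories: frozenset
    is_mfa: bool
    reason: str

def audit_flow(name, authenticators):
    """Classify one login flow by the distinct factor categories it uses."""
    unknown = sorted(a for a in authenticators if a not in FACTOR_CATEGORY)
    if unknown:
        # Fail closed: an unclassified authenticator never counts toward MFA.
        return Finding(name, frozenset(), False, "unclassified: " + ", ".join(unknown))
    cats = frozenset(FACTOR_CATEGORY[a] for a in authenticators)
    if len(cats) >= 2:
        return Finding(name, cats, True, "two or more distinct categories")
    if len(authenticators) >= 2:
        # Several credentials from one category are still a single factor.
        return Finding(name, cats, False, "multiple credentials, single category")
    return Finding(name, cats, False, "fewer than two credentials")

def audit(flows):
    """Audit every flow in a {name: [authenticators]} mapping."""
    return [audit_flow(name, auths) for name, auths in flows.items()]

# Constructed sample flows (hypothetical names, not real systems).
SAMPLE_FLOWS = {
    "student_portal": ["password", "security_question"],
    "gradebook_admin": ["password", "hardware_token"],
    "atm": ["smart_card", "pin"],
    "kiosk": ["pin"],
    "legacy_app": ["password", "custom_plugin"],
}

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f.flow:16} mfa={f.is_mfa!s:5} {sorted(f.categories)} {f.reason}")
```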

The benefits of using MFA are numerous and significant, even when just using two-factor authentication. A blog post by Google highlights some compelling statistics in this regard. It reported that an SMS code sent to a recovery phone number successfully blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. This data underscores the effectiveness of two-factor authentication in thwarting a variety of cyber threats.

MFA is so effective that some insurance underwriters will charge higher premiums if a business does not have some form of MFA enabled for its critical systems.

Despite these significant benefits, the adoption of MFA is not as widespread as one might expect. A study conducted by LastPass in 2021 discovered that globally, only 33% of users in the education sector and a mere 28% of the US population across all industry sectors were utilizing some form of MFA. This low adoption persists despite numerous instances where students have gained unauthorized access to teachers’ accounts, altered grades, and caused other forms of disruption. In many of these cases, the implementation of MFA could have prevented these incidents.

Nevertheless, it is important to remember that MFA, while a powerful tool, is not the be-all and end-all of cybersecurity. Like any security measure, MFA can be exploited and is not immune to hacking.

However, it does serve to significantly slow down cyber attackers and, on numerous occasions, stop an attack entirely by adding an extra layer of defense. Therefore, despite its potential vulnerabilities, MFA remains a crucial part of a robust cybersecurity strategy.
