- Multi-factor authentication (MFA) is a security measure that requires users to provide two or more verification factors to prove their identity when accessing an application or system.
- The three factors of multi-factor authentication (MFA) are knowledge factors, possession factors, and inherent factors.
- These factors are independent of each other, meaning that if one method is compromised, the others remain secure. MFA is a critical component of a robust security strategy because it provides multiple layers of protection.
Multi-factor authentication, or MFA, is a type of account access security that requires users to verify their identity in two or more ways before they can sign in. This is much more secure than the traditional sign-on approach that requires only one method of authentication, usually a password, because anyone who learns that password can sign in as the user.
MFA eliminates this risk by asking the user for further proof of identity. This means that, even if a hacker discovers a user’s password, they won’t be able to get into the account because it’s protected by a second layer of security. There are three main methods of verification used in MFA after a user has entered their login credentials. These involve something the user knows (knowledge), something they have (possession), or something they are (inherence).
Knowledge factors
Knowledge-based authentication (KBA) is the first type of authentication, and it relies on something the user knows. This might be a PIN, a backup password, or the answer to a security question. Typically, when a user creates an account, security questions are configured along with their pre-determined answers. They’re also frequently used to confirm a user’s identity if they forget their password and need to recover their account.
Static KBA is less safe than dynamic KBA. With dynamic KBA, the security questions are generated in real time from frequently updated data records, such as recent credit transactions. Because an attacker would need access to the database the questions are drawn from, the answers are much harder to determine. With static KBA, the attacker might only need to know the name of the user’s pet.
Possession factors
The second authentication method relies on something the user possesses. This could be a physical object that grants entry to a place, such as a key or smart card. For digital accounts, it typically involves a token that generates a one-time password (OTP). There are three common examples of possession factors.
1. Email & SMS verification codes
Verification codes sent via text or email are arguably the most widespread form of authentication. Unfortunately, they are also the least secure of the possession factors because they can be intercepted by malicious actors. Targeted attacks on mobile networks or email inboxes are easier to execute than we’d like to think.
2. Time-based, one-time passwords (TOTPs)
TOTPs are similar in concept to email and SMS verification codes, but they are more secure in practice, for two reasons: the code is produced directly on a device in the user’s possession, and the code is only valid for a strict time window before it expires.
With no third-party network involved and a very narrow time window, there is much less opportunity for a potential breach.
3. Push notifications
Push notification factors are a more sophisticated version of TOTPs and can be easily implemented with mobile apps like JumpCloud Protect. Instead of inputting a time-sensitive code, the user just needs to accept the authentication request produced directly on their smartphone.
This factor is as easy as pressing a button and provides a better user experience than TOTPs. Additionally, push notification MFA seamlessly incorporates another factor of security by requiring a user to authenticate to their phone with a PIN, fingerprint, or face ID.
Inherence factors
Biometric authentication is based on something the user is. This is the most secure authentication method because it’s the most difficult type of data for a hacker to steal.
Unlike behavioural biometrics, physical biometrics cannot be changed by the user and are independent of any device. Physical biometric factors include fingerprints, facial recognition, voice recognition, and iris or retina scans.
In the context of authentication, the most common biometric factor is, of course, a fingerprint. While it is technically possible to fake this factor, it requires significant effort to do so and the technology of fingerprint scanners is continuously improving. Fingerprints are generally considered to be a very secure form of authentication, especially when combined with other factors.
Every one of these authentication methods has advantages and disadvantages, and some are more appropriate for particular industries than others. For instance, SMS token authentication is simple to implement for a large number of users and suitable for almost any user, but it lacks the security of biometric authentication. The most secure form of authentication is biometrics, but it also means that the company needs to implement stronger security protocols to safeguard the private data of its workers. You must take into account the security threats your company faces and use this knowledge to determine the MFA level required to safeguard your network.