What is MFA? Multi-Factor Authentication
Multi-factor authentication (MFA) is a security technology that requires two or more verification factors before a user can log in, complete an app transaction, or connect to a VPN. Instead of asking only for a username and passcode, MFA requires one or more additional verification factors, which significantly decreases the odds of hacking incidents.
MFA-based security systems aim to protect their users from unauthorized parties who want a target’s personal information. An attacker has to get through several layers of authentication before successfully breaching the target’s data.
How Does Multi-Factor Authentication Work?
MFA works by asking for an additional verification factor on top of the existing login credentials. The most widely adopted MFA factor is the one-time password (OTP). OTPs are passcodes that contain four to eight unique digits and can be sent through the user’s phone number (SMS), email, or a synced mobile application.
Whenever a login attempt is made, a new OTP is generated and sent to the user. This code is considered unique and is linked only to the user who made the OTP request.
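The flow described above, as an added Python example that is not part of the original page: a code is issued per login attempt, bound to the requesting user, and accepted only once. The class name `OtpStore`, the five-minute lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OtpStore:
    """Issues one OTP per login attempt and accepts it at most once (hypothetical helper)."""

    def __init__(self, digits=6, ttl=300, max_attempts=3, clock=time.time):
        if not 4 <= digits <= 8:  # the page's stated OTP length range
            raise ValueError("digits must be between 4 and 8")
        self.digits, self.ttl, self.max_attempts = digits, ttl, max_attempts
        self.clock = clock  # injectable so expiry can be tested
        self._pending = {}  # user -> [sha256(code), expiry, attempts_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        # secrets draws from the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        # A new request replaces any earlier code for the same user.
        self._pending[user] = [self._digest(code), self.clock() + self.ttl,
                               self.max_attempts]
        return code  # hand to the SMS/e-mail sender; never write it to logs

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:  # no code outstanding for this user
            return False
        digest, expiry, attempts_left = entry
        if self.clock() > expiry:
            del self._pending[user]
            return False
        # Constant-time comparison does not leak how many characters matched.
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]  # single use: a replayed code fails
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]  # guessing budget spent; user must re-request
        return False
```

The attempt limit matters because a six-digit code has only one million possible values, so unlimited guesses would defeat it.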
Main Methods of Multi-Factor Authentication
There are three main methods of multi-factor authentication:
- Things you know (Knowledge) – Passwords or PINs
- Things you are (Inherence) – Biometrics like voice recognition, face IDs, or fingerprints. Apple Face ID can be compromised if the TrueDepth camera is not working correctly.
- Things that you have (Possession) – Security tokens, OTPs, or software certificates
Another method of MFA is location—it verifies the user through their IP address and geographical location (if possible). An unauthorized user is automatically blocked if the location information does not match the specified criteria. Location information can be paired with an OTP or password to verify the user’s identity.
Multi-Factor Authentication vs Two-Factor Authentication
The terms multi-factor authentication (MFA) and two-factor authentication (2FA) are often used interchangeably. As the name suggests, 2FA uses only two of the known verification factors, while MFA may use two of them or all three.
Pros and Cons of Multi-Factor Authentication
Although multi-factor authentication was considered to be a huge breakthrough for information security, it also has some disadvantages. For instance, users tend to forget answers to personal questions that help to verify their identity, and some unknowingly share their personal security tokens and passwords online. Here are some pros and cons of MFA:
Pros:
- Adds a reliable layer of security that’s hard to penetrate
- Can be easily set up by users
- OTPs are randomly generated in real-time and are sent directly to the user’s phone
- Effectively restricts unauthorized access, and can block users from unknown locations
- Cost-effective and can be easily implemented in businesses and sites
Cons:
- OTPs can be compromised once a phone or phone number is lost or stolen
- Security tokens can be stolen or lost
- MFA can fail if the cell signal is weak or there’s no internet connection
- Biometrics are not always accurate and can result in false positives or negatives