Multi-Factor Authentication (MFA): What it is and Why We Should Use it

What are 2FA and MFA? 

Two-factor authentication, also referred to as 2FA, is becoming a security standard for both individuals and organizations. But what is 2FA, and why should we be using it? Two-factor authentication is an extra layer of protection, whereby users are required to provide 2 methods of identification before they can access their account. PCMag’s lead security analyst, Neil J. Rubenking, suggests that there are 3 main factors for authentication. These 3 factors are something you know (such as a PIN or password), something you have (such as a smartphone or credit card), and something you are (such as a fingerprint or face ID). Two-factor authentication means that you are using 2 of these factors to access your account. 

Multi-factor authentication (MFA) is when you are using 3 or more factors to access your account. Both 2FA and MFA are becoming standard security measures for organizations seeking additional security for their accounts and team members. But that doesn’t mean that only work accounts should have 2FA or MFA enabled; keeping your personal accounts safe is equally important.


Types of Authentication 

Below are some of the most common types of authentication. Some are more effective than others and the more you use, the better! 

SMS and voice-based  

This is probably the authentication form you’ve seen the most. Platforms will ask for a phone number at the point of registration so that whenever you log in, you’re sent a code via text or voice memo that can be used to verify your identity before you’re given access to the platform.  

Although this is probably the most common form of authentication, it isn’t the most secure or reliable. It isn’t difficult for hackers to figure out your phone number and, once they do, SMS-based 2FA leaves them with many opportunities to compromise your accounts. This type of authentication also doesn’t work if your phone is dead, isn’t with you, or has no service, which can cause a lot of trouble for travelers.

Software token 

Many sites are now compatible with various authenticator apps. This form of authentication uses authentication apps to generate a time-based, one-time passcode that you enter to complete the login after you have already entered your username and password. Two of the most commonly used authenticator apps are Microsoft Authenticator and Google Authenticator.  

Hardware token 

Hardware tokens are primarily used by businesses and are one of the oldest forms of authentication. Hardware tokens generate a new code at regular intervals that you need to enter when you want access to an account. The hardware that generates the code is typically small, like a key fob or USB device.

Push notification 

Push notifications add an extra layer of security by alerting you when a login attempt is taking place. The account owner can then either approve or deny the login attempt, with no additional information required.  

Biometric 

Biometric authentication is growing in popularity. It treats the user as the authentication token. For example, most cell phones use fingerprints or facial recognition to allow access. Some call centers even use voice recognition to confirm their clients’ identities.


Why Use 2-Factor or Multi-Factor Authentication? 

With today’s cyber landscape and the rise of cybercrime, using only a password is simply not enough to protect yourself. A Verizon Data Breach Report states that approximately 80% of hacking-related incidents resulted from stolen or weak passwords. 2FA or MFA adds another layer for the hacker to crack, making the hacker’s goal much more difficult to achieve. For example, if you are using an authenticator app on your phone for two-factor authentication, even if the hacker cracks your password, they still won’t be able to access your account without the one-time code generated by your app.

Are 2FA and MFA secure? 

Yes, they are! But keep in mind that nothing online is invulnerable to hacking attempts.  It’s not likely, but it is possible for hackers to defeat authentication if they gain access to your email account or phone number. We’ve seen hackers successfully bypass authentication measures using the account recovery process that often resets a user’s current password and emails a temporary password to allow the user to log in. We’ve also seen hackers successfully trick mobile phone companies into transferring phone numbers, so that they can get access to the authentication code. It is possible for hackers to bypass authentication measures, but the odds are extremely low. Hackers must go to extra lengths and companies are continuously improving their security processes to keep up with the loopholes exploited by hackers. 2FA and MFA continue to be necessary security tools in fighting against cybercrime. 


Nowadays, almost all major platforms offer two-factor authentication or multi-factor authentication when logging in to your accounts. Just check the settings on all your accounts and devices to see if it’s available. As a first step, we’d recommend downloading an authenticator app, like Microsoft Authenticator, and using it whenever possible!  Adding this extra layer of protection for yourself or for your organization is an easy way to protect your accounts and reduce your cyber risk. 

Stay Safe! And remember, passwords alone are not enough! 😊  
