What Is Multi-Factor-Authentication?

September 28, 2020

Return to Learning Center

Modern web app safety via MFA

In recent years, you might have noticed that more and more websites are requiring you to submit your phone number to obtain some kind of token to login in addition to just remembering a password. While annoying and cumbersome at times, multi-factor Authentication (MFA) is a great safety and security measure that dramatically reduces the risk of data hacks.

MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy for any enterprise. Rather than just asking for a simple login name and password, MFA requires one or more additional verification factors, which dramatically decreases the likelihood of a successful cyber attack.

The main benefit of MFA is it will enhance your organization's security by requiring your users to identify themselves by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cyber criminals.

MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter are one-time passwords (OTP). OTPs are typically those 4-8 digit codes that you often receive via email, SMS or some sort of mobile app like Google Authenticator. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value. Because this value times out after a while, the odds of any attacker brute-forcing a password guess is astronomically low.

Most MFA authentication methodology is based on one of three types of additional information, though there are many other types of MFA such as location and more:

Things you know (knowledge), such as a password or PIN or answers to personal security questions

Things you have (possession), such as a badge or smartphone/p>

Things you are (inherence), such as a biometric like fingerprints or voice recognition/p>

In casual speaking, MFA is often used interchangeably with the term two-factor authentication (2FA). 2FA is basically a subset of MFA since 2FA restricts the number of factors that are required to only two factors, while MFA can be two or more. You should feel more confidence when using a service that provides MFA or 2FA because you know that they're trying to take their users privacy very seriously.

We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.