What is multifactor authentication (MFA)?

Implementing MFA is a proactive step toward protecting your digital assets and staying ahead of potential cyber threats
Tim Connell

Password protection is showing itself to be increasingly insufficient to protect our data and our systems, but a viable replacement is still years away from widespread acceptance. A powerful way to close the gap in the meantime is by using multifactor authentication (MFA) whenever available.

MFA is a defensive measure against cyber threats to your online accounts that supplements the use of passwords. It gives you that extra shield to strengthen your password-based login process by requiring an additional verification.

Bigger companies get it: statistics show that while only 13% of employees at small to medium-sized businesses (SMBs) are required to use MFA, a whopping 87% of employees at large organizations have implemented this added layer of security.

You may have noticed that major email providers like Microsoft and Google have adopted MFA in response to this growing threat, enhancing the security of their users' accounts. Whether you are new to cybersecurity or an expert, this guide is meant to educate you on the various categories of MFA and the different authentication mechanisms for each category.

Factors used for MFA

The single-factor authentication (SFA) process typically involves providing a username and a password. This password, most often your first line of defense, typically falls under the category of something you know, which ideally has some level of complexity added via a combination of numbers, symbols and letters unique to you.

To enhance security further, MFA brings an additional layer of protection by requiring additional authentication from another family of proof.

Specifically, authentication factors come from these categories:

Something you know: This includes your password, a personal identification number (PIN), or even an answer to a security question like your favorite musician or your favorite food.

Something you have: The second factor can take different forms, with physical keys or credit cards being the most familiar mechanisms from this category. Options for digital authentication include getting a code from an authenticator app like Authy or Google Authenticator, using physical hardware tokens (used in high-security environments), and receiving a one-time verification passcode through email or text message.

Something you are: Modern technology has made biometric authentication possible. Facial recognition, your fingerprint, even your voice can be the second factor on smartphones.

The key to all of this is to verify identity through a combination of two distinct factors, strengthening security measures across the board.

Here is how the methods mentioned above work:

Text messages (SMS)

One of the most straightforward MFA modes is using SMS or text messages to deliver a one-time login code to your registered mobile device. This method is simple, as it requires only a cellphone enabled to receive text messaging. For personal accounts, text-message-based MFA is common due to its convenience.

However, there is a potential risk of identity impersonation — a criminal could deceive the phone company, seize control of your phone number and gain unauthorized access to your accounts.

Using authenticator apps

Some accounts offer the option of utilizing an authenticator app installed on your device, such as a tablet or phone. These apps include Microsoft Authenticator, Google Authenticator and Duo. These apps generate time-based verification passcodes on top of those received through email or text. The main difference is the enhanced security. Many of these apps have an advanced feature called push notifications, which further strengthens security.

With this feature, when someone tries to access your account, you will receive a real-time notification on your mobile device including valuable details about the login attempt, like the date and time of the attempt, the type of device used, the geographical location of the login attempt and the account being accessed. With a simple tap, you can deny or approve the login request, allowing you to control your account’s security. If you are seeking a higher level of protection, this is a good option.

Biometric authentication

This method depends on the physical attributes that make you, you. It is a unique authentication method, as it needs a physical person to grant access to your account. It uses a fingerprint scan on your tablet or a retina scan captured through your device’s camera — most smartphones have this feature.

However, there are limitations to biometric authentication. If this method gets compromised, it can have lifelong consequences because, unlike a password, which can be changed anytime, your retina can never be changed. Technically, if accessed, hackers can compromise your accounts forever.

By adopting MFA, you add a critical layer of security that significantly reduces the risk of unauthorized access, making it an essential practice for anyone looking to safeguard their online presence. Implementing MFA is a proactive step toward protecting your digital assets and staying ahead of potential cyber threats.

Tim Connell is the director of cybersecurity services delivery at Pulsar Security.