What combination of authentication factors will qualify as multifactor authentication?
What Is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) is a security system that requires two distinct forms of identification in order to access something.

Two-factor authentication can be used to strengthen the security of an online account, a smartphone, or even a door. 2FA does this by requiring two types of information from the user—a password or personal identification number (PIN), a code sent to the user's smartphone, or a fingerprint—before whatever is being secured can be accessed.

Key Takeaways

Understanding Two-Factor Authentication (2FA)

Two-factor authentication is designed to prevent unauthorized users from gaining access to an account with nothing more than a stolen password. Users may be at greater risk of compromised passwords than they realize, particularly if they use the same password on more than one website. Downloading software and clicking on links in emails can also expose an individual to password theft.

Two-factor authentication is a combination of two of the following:

2FA is not just applied to online contexts. It is also at work when a consumer is required to enter their zip code before using their credit card at a gas pump or when a user is required to enter an authentication code from an RSA SecurID key fob to log in remotely to an employer’s system.

Despite the slight inconvenience of a longer log-in process, security experts recommend enabling 2FA wherever possible: email accounts, password managers, social media applications, cloud storage services, financial services, and more.

Examples of Two-Factor Authentication (2FA)

Apple account holders can use 2FA to ensure that accounts can only be accessed from trusted devices. If a user tries to log in to their iCloud account from a different computer, the user will need the password, but also a multi-digit code that Apple will send to one of the user's devices, such as their iPhone.

Many businesses also deploy 2FA to control access to company networks and data. Employees may be required to enter an additional code to sign into the remote desktop software that allows them to connect to their work computers from outside the office.

Special Considerations

While 2FA does improve security, it is not foolproof. Hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include phishing attacks, account recovery procedures, and malware.

Hackers can also intercept text messages used in 2FA. Critics argue that text messages are not a true form of 2FA since they are not something the user already has but rather something the user is sent, and the sending process is vulnerable. Instead, the critics argue that this process should be called two-step verification. Some companies, such as Google, use this term.

Still, even two-step verification is more secure than password protection alone. Even stronger is multi-factor authentication, which requires more than two factors before account access will be granted.
As the name suggests, multi-factor authentication (MFA) is the use of multiple factors to confirm the identity of someone who is requesting access to an application, website or other resource. Multi-factor authentication is the difference between, for example, entering a password to gain access and entering a password plus a one-time password (OTP), or a password plus the answer to a security question.

By requiring people to confirm identity in more than one way, multi-factor authentication provides greater assurance that they really are who they claim to be—which reduces the risk of unauthorized access to sensitive data. After all, it’s one thing to enter a stolen password to gain access; it’s quite another to enter a stolen password and then also be required to enter an OTP that was texted to the legitimate user’s smartphone.

Any combination of two or more factors qualifies as multi-factor authentication. The use of only two factors may also be referred to as two-factor authentication.

Multi-Factor Authentication: How It Works

The three categories of multi-factor authentication methods

A multi-factor authentication method is typically categorized in one of three ways:

Examples of multi-factor authentication methods

Any of the following methods can be used in addition to a password to achieve multi-factor authentication.

Biometrics—a form of authentication that relies on a device or application recognizing a biometric, such as a person’s fingerprint, facial features or the retina or iris of the eye
Push to approve—a notification on someone’s device that asks the user to approve a request for access by tapping their device screen
One-time password (OTP)—an automatically generated set of characters that authenticates a user for one login session or transaction only
SMS text—a means of delivering an OTP to a user’s smartphone or other device
Hardware token or hard token—a small, portable OTP-generating device, sometimes referred to as a key fob
Software token or soft token—a token that exists as a software app on a smartphone or other device rather than as a physical token

The benefits of multi-factor authentication

Are there drawbacks to multi-factor authentication?

In the process of creating a more secure access environment, it’s possible to create a less convenient one—and that can be a drawback. (This is especially true as zero trust, which treats everything as a potential threat, including the network and any applications or services running on the network, continues to gain traction as a foundation for secure access.) No employee wants to spend extra time every day dealing with multiple obstacles to logging on and accessing resources, and no consumer in a hurry to get some shopping or banking done wants to be waylaid by multiple authentication requirements. The key is to balance security and convenience so that access is secure, but the requirements for access are not so onerous as to create undue inconvenience for those who legitimately need it.

The role of risk-based authentication in multi-factor authentication

One way to strike a balance between achieving security and ensuring convenience is to step up or dial down authentication requirements based on what’s at stake—i.e., the risk associated with an access request. This is what’s meant by risk-based authentication. The risk can lie with what’s being accessed, who’s requesting access or both.
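The step-up idea described above, as an added example that is not code from the original page: it scores an access request on what is being accessed and who is asking, derives how many distinct factor categories the request must present, and counts categories rather than methods. The method labels, risk weights and thresholds are assumptions made for illustration.

```python
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "something you know"
    POSSESSION = "something you have"
    INHERENCE = "something you are"

# Methods named on the page, mapped to the page's three categories.
# The dictionary keys are hypothetical labels chosen for this example.
# SMS is filed under possession as in the page's own list, although the
# page also notes the criticism that text messages can be intercepted.
METHOD_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "sms_otp": Factor.POSSESSION,
    "hardware_token": Factor.POSSESSION,
    "software_token": Factor.POSSESSION,
    "push_to_approve": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
}

def required_factors(sensitivity, known_device, usual_location):
    """Assumed policy: risk 0 needs 1 factor, risk 1-2 needs 2, risk 3+ needs 3."""
    # sensitivity: 0 = low, 1 = internal, 2 = sensitive (what is being accessed)
    risk = sensitivity + (not known_device) + (not usual_location)  # who is asking
    return 1 if risk == 0 else 2 if risk <= 2 else 3

def evaluate(methods, sensitivity, known_device, usual_location):
    """Return ("allow", set()) or ("step_up", categories still missing)."""
    unknown = [m for m in methods if m not in METHOD_FACTOR]
    if unknown:
        raise ValueError(f"unclassified methods: {unknown}")
    # Count distinct categories, not methods: two knowledge checks are one factor.
    have = {METHOD_FACTOR[m] for m in methods}
    if len(have) >= required_factors(sensitivity, known_device, usual_location):
        return ("allow", set())
    return ("step_up", set(Factor) - have)

if __name__ == "__main__":
    # Constructed requests: (methods, sensitivity, known_device, usual_location)
    for req in [(["password"], 0, True, True),
                (["password", "security_question"], 1, True, True),
                (["password", "software_token"], 1, True, True),
                (["password", "sms_otp"], 2, False, False)]:
        print(req, "->", evaluate(*req))
```

Unclassified methods raise an error rather than being counted, so a new login method cannot satisfy the policy until someone has decided which category it belongs to.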
The future of multi-factor authentication: AI, ML and more

Multi-factor authentication is continually evolving to provide access that’s both more secure for organizations and less inconvenient for users. Biometrics is a great example of this idea. It’s both more secure, because it’s tough to steal a fingerprint or face, and more convenient, because the user doesn’t have to remember anything (like a password) or make any other major effort. The following are some of the advances shaping multi-factor authentication today.

Be assured that multi-factor authentication will continue to change and improve in the quest for ways people can prove they are who they say they are–reliably and without jumping through hoops.

What are the factors in multifactor authentication?

Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).

What are the types of authentication methods used in multifactor authentication?

Three Main Types of MFA Authentication Methods

Things you know (knowledge), such as a password or PIN.
Things you have (possession), such as a badge or smartphone.
Things you are (inherence), such as a biometric like fingerprints or voice recognition.

What are the two most commonly used authentication factors in multifactor authentication?

The most commonly used MFA factors fall into one of three categories:

Knowledge, aka something you know, such as a password or security question.
Possession, aka something you have, such as an SMS code or physical key.
Inherence, aka something you are, such as a fingerprint or face ID.

How many factors are involved in a multifactor authentication?

There are three authentication factors:

Knowledge Factor (something you know)
Possession Factor (something you have)
Inherence Factor (something you are)