Multi-factor authentication (MFA) is a method of authentication for which you have to provide two or more verification factors to access your digital account and resources.
It is a core component of any strong identity & access management policy. It not only asks for a username and password, but also requires verification factors. So, it significantly decreases any chances of a successful malicious attack.
Why is it important?
It will significantly enhance your security as users have to provide more than just a username and password. These usernames and passwords are pretty vulnerable to brute force attacks. But MFAs like fingerprints or some other factors will keep your resources safe.
How does it work?
This authentication process works by requiring additional verification information. The most common factor for MFA is OTP (one-time password). These OTPs are 4 to 8 digit long codes that you receive in your email or SMS after you engage the system.
With these OTPs, a new code is generated each time an authentication required is forwarded to you. This code is generated based on the seed value assigned to the user when they first register and other factors.
Examples of MFA include using a combo of the following elements for authentication,
Knowledge-What you set up
- Answers to any personal secret questions.
- OTP is both knowledge and possession because you have the OTP, and you also have possession of your phone or access to your email.
- OTP generated by smartphone applications.
- OTP sent in an email or text.
- USB device, access badges, security keys, or smart cards.
- Software certificates or tokens.
- Behavioral assessment.
- Fingerprint, voice, facial recognition, reticle scan, or biometrics.
Difference Between 2FA and MFA
2-Factor Authentication (2FA) is often interchangeably used with MFA. But 2FA is just a subset of MFA because 2FA limits the number of factors required for authentication to only two. But in MFA, more than two factors or layers of knowledge are mandatory for authentication.