An enterprise business of any size is vulnerable to a cyberattack, and according to the Verizon 2022 Data Breach Investigations Report, financial gain continues to be the top motive for hackers to instigate an attack. Sadly, this means it isn’t about the data your company holds, it’s how much it will cost should it become compromised. With nearly 20% of organizations experiencing data breaches caused by stolen or compromised credentials, protecting organizational networks and resources with multi-factor authentication (MFA) is more important than ever.
Single-factor authentication (i.e. username and password alone) is no longer a sufficient security control. As credentials are still widely sought after by threat actors to gain access to accounts, it’s important to combine good password hygiene with strong multi-factor authentication.
But what is MFA and how can it help control which endpoints can access your networks and resources? We’ll take a look at this and more below:
- What is MFA?
- What is the difference between MFA and 2FA?
- When should MFA Be Used?
- What are the benefits of MFA?
- Types of Authentication Methods
What is Multi-factor Authentication (MFA)?
Multi-factor Authentication (MFA) is a security mechanism that requires the user to provide two or more methods of identification in order to validate their identity for a login or transaction. MFA is designed to add an extra layer of protection to systems, networks and sensitive data through the use of verification factors.
MFA verification factor categories include:
- Something the user has – such as a phone that receives a text, an authenticator application or an email account
- Something the user knows – such as a password or PIN
- Something the user is – such as a fingerprint, face or even voice
- Somewhere the user is – such as the user’s GPS location
What is the Difference Between Multi-factor Authentication and Two-Factor Authentication?
Two-factor Authentication (2FA) is a subset of multi-factor authentication that uses exactly two verification factors. 2FA checks whether the user is who they claim to be based on those two chosen factors.
When Should Multi-factor Authentication Be Used?
Multi-factor authentication should be used for networks, resources and systems (such as websites or internal systems) that store and work with sensitive data. Passwords alone are no longer enough to protect your business from a cyberattack; if a system is important to the running and functionality of your business, you should add MFA to it.
What are the Benefits of Multi-factor Authentication?
- Increased security – each factor compensates for the weaknesses of the others. For example, “something the user knows” factors, like passwords and PINs, are susceptible to brute-force attacks (hackers guessing logins) or social engineering. You can supplement them with a factor that is not so easily guessed: “something you have”, by authenticating users through their mobile device, or “something you are”, a biometric factor such as a fingerprint or voice. Unless the hacker has all of the factors required by the system, they will not be able to access the account.
- Ability to meet relevant compliance standards – some compliance standards (federal, state or otherwise) require MFA in specified situations. However, it’s important to choose the right authenticators and ensure they meet the relevant standard.
- Simplification of the login process – you would think that having multiple authentication factors would make logging into accounts more complicated. But the added security given by MFA actually allows companies to use more advanced login options like single sign-on (SSO): a single MFA instance can cover all the apps a user needs, which makes MFA practical to implement and avoids login fatigue.
- Easy to implement – the range of authentication methods available means you can find the solution which works best for your organization.
- Support and up-to-date services – if you choose to employ a supplier, such as GlobalSign, to assist you with implementing MFA in your organization, this comes with their expertise, support and the ability to stay up to date with services, authentication methods and technology.
Types of Authentication Methods
- One-time password (OTP) tokens are traditionally physical items that are carried by a user and feature a small screen that displays a random number generated by the device
- SMS authentication relies on the availability of a user’s mobile device to add a second factor. A text message is sent to the user’s mobile phone after they log in with their username and password
- Out-of-band authentication relies on the user having access to a phone registered with the account. The user receives a call on their mobile or landline and is asked to dial in a number or repeat a short, set phrase
- Biometric represents the “something you are” authentication factor, such as your fingerprint, face, eye or even handwritten signature
- Smart Card or USB tokens can identify the user through multiple factors of authentication simultaneously, by requiring the possession of the card or token, the password to unlock the card’s multiple certificates (often ones for both the card and the user) and even biometric authentication
- Certificate-based authentication is the use of a digital certificate to identify a user and often a device (or devices) employed by a known user on the network and is often deployed in coordination with traditional user authentication methods such as username and password
Multi-factor authentication is an essential component of cybersecurity that should be considered by enterprise businesses of all industries and sizes.
Editor's Note: This article was originally published in 2018 and updated in November 2022.