Multi Factor Authentication (MFA)

Multi factor authentication - Secret Double Octopus

Multi-Factor Authentication (MFA) is an identity verification process in which the access-requesting party (a person, a piece of software or a machine) must present the authenticating party with multiple identifiers, the "factors", that are linked to its identity, instead of the single identifier, usually a password, that many systems require by default.

MFA improves security because an attacker must obtain several independent identifiers, not just one, in order to authenticate to the protected system. Identifiers used to authenticate users fall into three categories: something the user knows (e.g. a password or knowledge-based authentication questions), something the user has (e.g. a physical one-time password (OTP) generator, or a registered mobile device or computer) and something the user is (biometric data such as a fingerprint, a face or unique behavioural patterns). Two factors from the same category (for example, two passwords) add little; the strength of MFA comes from combining factors that an attacker would have to compromise in different ways.

A typical MFA login requires the user to produce a password (first factor) and an OTP code (second factor), and to submit the authentication request from a previously registered computer (third factor). Many other combinations of identifiers are possible; which one is chosen depends on budget, usability, the threat assessment, and so on. Note that a code the user types into a login form can be relayed by a real-time phishing proxy, so OTP-based MFA raises the bar for an attacker but is not phishing-resistant on its own. Implementing MFA for non-human actors (software or machines) is harder and is therefore practised less often.
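The three-factor login just described, as an added worked example (this is illustrative code written for this page, not Secret Double Octopus product code). It checks a salted password hash (something the user knows), a TOTP code per RFC 6238 (something the user has: the OTP generator) and a registered device identifier (something the user has: the enrolled computer). The TOTP key is the RFC 6238 test key, the salt, password and device name are constructed demo values, and a device is represented as a plain string ID for simplicity; a real deployment would have the device prove possession with a certificate or a signed challenge rather than a static identifier. Two details a practitioner would want are included: a clock-drift window of one time step, and replay protection so that a captured OTP cannot be used twice.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current 30-second time step."""
    return hotp(key, int(unix_time) // step, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 for the "something you know" factor; the server stores only the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class MfaVerifier:
    """Three-factor check: password (know), TOTP code (have), registered device (have)."""

    def __init__(self, salt: bytes, password_hash: bytes, totp_secret: bytes,
                 registered_devices: set[str], step: int = 30, digits: int = 6, window: int = 1):
        self.salt = salt
        self.password_hash = password_hash
        self.totp_secret = totp_secret
        self.registered_devices = registered_devices
        self.step, self.digits, self.window = step, digits, window
        self.last_counter = -1  # highest time step already accepted; blocks OTP replay

    def verify(self, password: str, otp: str, device_id: str, unix_time: int) -> bool:
        # Evaluate every factor before deciding, so a failure in one factor does not
        # short-circuit and reveal through timing which factor was wrong.
        password_ok = hmac.compare_digest(hash_password(password, self.salt), self.password_hash)
        device_ok = device_id in self.registered_devices

        otp_ok, matched = False, None
        counter = int(unix_time) // self.step
        # Tolerate +/- `window` steps of clock drift, but never a step at or below the last one used.
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue
            if hmac.compare_digest(hotp(self.totp_secret, c, self.digits), otp):
                otp_ok, matched = True, c

        if password_ok and device_ok and otp_ok:
            self.last_counter = matched  # advance only on a fully successful login
            return True
        return False


# Constructed demo material (not real credentials): the RFC 6238 test key, a fixed salt,
# a demo password and one enrolled device name.
DEMO_TOTP_KEY = b"12345678901234567890"
DEMO_SALT = b"constructed-demo-salt"
DEMO_PASSWORD = "correct horse battery staple"


def make_demo_verifier() -> MfaVerifier:
    return MfaVerifier(
        salt=DEMO_SALT,
        password_hash=hash_password(DEMO_PASSWORD, DEMO_SALT),
        totp_secret=DEMO_TOTP_KEY,
        registered_devices={"laptop-01"},
    )


if __name__ == "__main__":
    v = make_demo_verifier()
    now = 59  # RFC 6238 test-vector time; in practice use int(time.time())
    code = totp(DEMO_TOTP_KEY, now)
    print("first login:", v.verify(DEMO_PASSWORD, code, "laptop-01", now))   # True
    print("replayed OTP:", v.verify(DEMO_PASSWORD, code, "laptop-01", now))  # False
```

The replay check matters because a TOTP code is valid for the whole time step (plus the drift window): without `last_counter`, a phished or shoulder-surfed code could be reused by the attacker within that period. The RFC 6238 test vectors (time 59 gives 287082, time 1111111109 gives 081804 with a six-digit SHA-1 code) can be used to confirm the generator is correct before wiring it to a real secret.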

Frequently Asked Questions
What is multi-factor authentication?

MFA is an authentication scheme that requires the access-requesting party (typically a user, but can also be software or a machine) to produce multiple identifiers – multiple factors – in order to be authenticated.

Which factors can be used as multi factor authentication?

Identifiers used to authenticate users fall into three categories: something the user knows (e.g. a password or knowledge-based authentication questions), something the user has (e.g. a physical one-time password (OTP) generator, or a registered mobile device or computer) and something the user is (biometric data such as a fingerprint, a face or unique behavioural patterns).

Which is the strongest form of multi factor authentication?

The strongest factors are those that are hardest to steal or forge. Physical authenticators are hard to steal and hard to forge. Biometric signatures are hard to forge and, when implemented properly, difficult to steal. Passwords, on the other hand, are notoriously weak: in many cases they are easy to steal (through phishing or credential leaks) and easy to guess or forge.