The Secret Security Wiki

Single-Factor Authentication

Single-Factor Authentication (SFA) is an identity verification process in which the party requesting access (a person, software or a machine) presents to the authenticating party a single identifier, the single factor, that is linked to its identity. SFA is used by default in many systems because it is easy and cheap to implement.

The most prominent single-factor identifier is the password. Other commonly used identifiers include an SMS code sent to a registered mobile device and a one-time password (OTP) generated by a physical device or by software running on a mobile device or computer.

SFA is considered less secure than multi-factor authentication (MFA), especially when the identifier is a vulnerable password.

Password Reuse
One of the recommendations any cybersecurity expert will give is to avoid reusing passwords across multiple accounts. However, when users must maintain long and complex passwords across several accounts, they tend to reuse their passwords verbatim or with small variations.

When hackers find the password to an account, they can quickly gain access to other accounts that use a similar password.

Simple Passwords
Passwords are inherently flawed: because users rely on memory, they underestimate the need for higher security and choose simple passwords that can be easily guessed or obtained through social engineering. As computing power becomes increasingly available at affordable prices, attackers find it easier to break into accounts through brute-force methods, such as testing every possible combination in rapid succession until the right password is found.

To avoid being brute-forced, users must choose passwords that are longer and more complex, containing lower- and upper-case letters, digits and symbols. They must also change their passwords regularly. This puts a lot of strain on users, especially when they must make the same considerations for dozens of online accounts.

A lot of users avoid taking such measures. Year after year, studies find that passwords such as “123456,” “password” and other poor choices remain extremely popular.
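The following is an added example, not part of the original wiki entry: a password-acceptance check covering the two weaknesses described above, reuse "with small variations" and simple, guessable passwords. The common-password list, the 60-bit threshold and all function names are assumptions made for illustration; `previous` stands for the old password a user supplies when changing it, since stored hashes cannot be compared this way.

```python
import math
import re
import string

# Constructed sample list; a real deployment would load a large corpus of
# known-breached passwords instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

# Undo common character substitutions so "p@ssw0rd" maps back to "password".
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def core(password: str) -> str:
    """Reduce a password to the stem that survives trivial edits."""
    lowered = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)  # drop appended digits/symbols
    stem = stem or lowered                     # nothing but digits/symbols
    return stem.translate(LEET)


COMMON_STEMS = {core(p) for p in COMMON_PASSWORDS}


def search_space_bits(password: str) -> float:
    """Upper bound on exhaustive-search work, assuming random characters."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def screen(new_password, previous=(), min_bits=60):
    """Return the reasons to reject; an empty list means accept.

    min_bits is an assumed policy threshold, not a value from the page.
    """
    reasons = []
    stem = core(new_password)
    if stem in COMMON_STEMS:
        reasons.append("common")
    if any(stem == core(old) for old in previous):
        reasons.append("reuse-variation")
    if search_space_bits(new_password) < min_bits:
        reasons.append("small-search-space")
    return reasons
```

"P@ssw0rd2024" uses all four character classes and clears the length-based threshold, yet is still rejected as a variation of "password", which is why length and complexity rules alone do not stop reuse.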

  • What are the risks of single factor authentication?

    Systems protected by SFA have one identifier standing between an attacker and access to the system. The security of the system is therefore dependent on how easy it is to steal or forge the identifier. Passwords, which have been used for many years and on many systems as the single factor of authentication, have proven to be vulnerable to both theft (phishing, man-in-the-middle, social engineering, etc.) and forgery (brute force attacks, dictionary attacks, etc.).