
Multi-Factor Authentication (MFA) is a process that establishes that a user requesting access to a digital resource is actually who he or she claims to be. MFA is necessary and growing in popularity because the enduring yet deficient username/password pair is no longer enough to verify a user’s true identity. Instead, MFA requires users to provide additional verification factors, such as a one-time password (OTP), before authenticating the user and granting access.
Defining MFA requires first defining authentication. The process of authentication involves verifying a user’s identity. Usernames and passwords no longer work for this purpose. They can get stolen or guessed, leading to user impersonation and resulting in security breaches. You might possess Joe’s username and password, but are you really Joe? Can you prove it? Can you show that you are the authentic Joe?
MFA requires Joe to authenticate himself with two or more verification factors. MFA factors could be something Joe has, like a secure USB key, or some unique feature of Joe himself, like his fingerprint or face. Verification factors could also be something that Joe knows, such as the name of the street he grew up on, or a single-use password. In this latter case, Joe’s mobile device is acting as a verification factor, too. However, it’s important to point out that SMS text-based MFA is no longer best practice, and should be replaced with authenticator apps like Microsoft Authenticator, Authy, and Google Authenticator.
Most of us have encountered MFA, even when we’re not using a computer. For example, if you’ve ever been asked to verify your date of birth when you call your bank, you’re going through a verbal MFA process.
MFA is important because it is a critical countermeasure against the impersonation of users. Indeed, without MFA, systems become vastly more exposed to risk. MFA is also important because it corrects the growing deficiency of simple username/password login processes. As experience has repeatedly shown, users tend to have trouble keeping track of usernames and passwords. As a result, they often use the same credentials for all their systems—a practice that invites breaches by letting a hacker use one set of stolen credentials to break into multiple systems.
MFA is also gaining in importance as remote or hybrid work becomes so prevalent. With users outside the corporate firewall, authentication is critical to keeping out malicious actors. Many companies are using device-based MFA for this purpose. The user provides a unique identifying number visible on a mobile app as a verification factor. Another approach is to have a specialized app automatically validate the user’s identity without the user having to do anything.
Using MFA brings with it a number of benefits. Better security is the most compelling, but it is far from the only benefit. MFA creates an added layer of control over system and network access. It cuts down the odds of a hacker getting unauthorized access to a system. Improvement in fraud prevention is a related benefit. With MFA, it becomes harder for someone to impersonate a customer and commit fraud. This can be a serious problem with e-commerce stores, for example, if they allow a customer to store a credit card number with their account. If someone can gain access to their account, they can illegally buy and ship products to themselves.
MFA has the potential to facilitate productivity gains. In a hybrid work scenario, for example, MFA makes secure access possible from any device or location. Confident of security, companies can become more flexible in allowing flexible work arrangements.
In operational terms, MFA can help cut security and IT support costs. In particular, correct deployment of MFA translates into fewer suspicious logins to investigate. This frees security team members to do more valuable work. MFA should also reduce the number of problematic data uploads or downloads because the organization has greater trust in its users’ authentic identities. There are fewer situations where a security team may be concerned that an unauthorized person got access to sensitive information, and so forth.
MFA solutions work in several ways, depending on their design and the types of verification factors they employ. The fundamental workflow is almost always the same, however: Joe inputs his basic login credentials. The system he wants to access then prompts an MFA solution to send Joe a request for a verification factor.
This might involve the MFA solution sending a unique verification factor to Joe through a separate channel, such as an authenticator app on his mobile device. Joe then enters the verification factor, or factors, where requested—typically in a box on the same login page he’s already seeing. The MFA solution then checks what Joe has entered against its record of Joe’s verification factors. If the two match, Joe has passed the MFA test and is allowed access to the system.
There can be a good deal of variation in the specifics of this workflow. For example, if MFA relies on “something you know” security questions, then Joe has to answer the questions correctly to get access. If it’s based on biometrics, Joe has to submit biometric data in some way, such as through a facial recognition system. Biometrics can also be used to unlock an authenticator app. If MFA uses one-time passwords (OTPs), the MFA solution has to generate the OTP and send it to Joe through a mechanism like an email or text message. If MFA is app-based, then Joe will have had to download the app prior to attempting the login.
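As an added example (not code from the article or from any product it mentions), here is what the app-based OTP check described above looks like on the server side: the TOTP algorithm (RFC 6238) that authenticator apps implement, plus a verifier that tolerates one step of clock drift, compares in constant time, and refuses to accept an already-used code. The secret and timestamps below are the RFC's published test values, not real credentials.

```python
import hashlib
import hmac
import struct
import time

# RFC 6238 / RFC 4226 test secret (ASCII "12345678901234567890"); test data only.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current 30-second time step."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, submitted: str, at=None, step: int = 30, digits: int = 6,
                window: int = 1, last_used=None):
    """Server-side check of a code the user typed into the login page.

    Returns the time-step counter the code matched, or None if it is wrong or replayed.
    `window` is how many steps of clock drift to tolerate in each direction; `last_used`
    is the counter of the last code this user successfully submitted (stored per user),
    so that a code intercepted once cannot be accepted a second time.
    """
    if at is None:
        at = time.time()
    now = int(at // step)
    # Newest candidate first; skip any step at or before the last accepted one.
    for counter in range(now + window, now - window - 1, -1):
        if last_used is not None and counter <= last_used:
            continue
        expected = hotp(secret, counter, digits).encode()
        # Constant-time comparison so a wrong digit does not leak via timing.
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    # The RFC 6238 vector: at T=59 the 8-digit SHA1 code is 94287082, so 6 digits give 287082.
    print(totp(TEST_SECRET, at=59), verify_totp(TEST_SECRET, "287082", at=59))
```

On the real server the per-user secret comes from the enrollment step (the QR code the user scanned) and `last_used` is persisted after every accepted login.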
A lot can go wrong if an organization does not use MFA to authenticate its users. The risk of unauthorized access to systems and sensitive data increases dramatically. Negative outcomes include data breaches, loss of confidential information, and violations of regulations protecting consumer privacy. Unchecked unauthorized access can also expose an organization to ransomware attacks and other disruptions that could impede operations and affect a company’s reputation.
Are you actually whom you say you are? That’s the question that MFA asks of people who want to log into networks and systems. The process verifies user identity by compelling users to submit a verification factor such as a digital fingerprint or one-time password before they will be allowed access. MFA bolsters security posture by reducing the likelihood of a malicious actor impersonating a user to get unauthorized access.