Multi-Factor Authentication (MFA) and cybersecurity
What is MFA?
MFA verifies a user’s identity at login in two distinct phases, with the user supplying a credential in each. It adds an extra layer of protection to a user’s account to safeguard it from hackers who may have guessed or stolen the user’s initial credentials. Two-factor authentication often entails the user entering a password and then supplying a second authentication factor, such as a fingerprint, token, or physical card, or a one-time passcode texted to their phone. This procedure is used to safeguard sensitive data and guarantees that merely knowing a password is not sufficient to gain access.
If one of the factors is hacked or broken, the attacker still has one or more hurdles to overcome before successfully breaking into the target.
Historically, MFA systems depended on two-factor authentication (2FA), but vendors are increasingly adopting the term ‘multi-factor authentication’ to describe any authentication method that needs two or more identification credentials to reduce the likelihood of a cyber attack.
MFA methods
A user’s identity may be confirmed in three ways:
- Something the user knows (knowledge factor):
Typically, knowledge-based authentication requires the user to answer a personal security question. Passwords, four-digit personal identification numbers (PINs), and one-time passwords (OTP) are also examples.
- Something the user has (possession factor):
To log in, users must have something particular in their hands, such as a badge, token, key fob, or phone subscriber identity module (SIM) card. In the case of mobile authentication, the possession factor is frequently provided via a smartphone in combination with an OTP app.
- Something the user is (inherence factor):
Any biological characteristic of the user that is validated at login. Inherence factor technologies include biometric verification techniques such as retina/iris scan, fingerprint scan, voice authentication…
MFA works by combining two or more of these factors.
Why is MFA important?
One of the most serious flaws of standard user ID and password logins is the ease with which credentials may be stolen. Bad actors can use automated password cracking programs to guess numerous username and password combinations until they find the correct one. Locking an account after a specific number of failed login attempts might help safeguard an organization, but hackers have a variety of alternative techniques for gaining access to the system. This is why multi-factor authentication is essential: it can help reduce security risks.
Advantages and disadvantages of MFA
Multifactor authentication was implemented to increase the security of access to systems and applications using hardware and software. The objective was to validate users’ identities and ensure the integrity of their digital transactions. MFA has both advantages and drawbacks.
MFA adds levels of protection to the hardware, software, and personal ID. It can use OTPs sent to phones that are randomly generated in real time and are difficult for hackers to crack. It can also reduce security breaches by up to 99.9 percent over passwords alone, and it is easily set up by users.
However, a phone is required to obtain a text message code. Hardware tokens can be lost or stolen, much as phones can. The biometric data that MFA algorithms use for personal IDs, such as thumbprints, is not always accurate and might result in false positives or negatives. Finally, if there is a network or internet outage, MFA verification may fail.