What is Multi-Factor Authentication?
All too often, I see companies that rely solely on passwords to keep their data and applications secure. Requiring users to enter only something that they know—a password—is considered single-factor authentication. While many companies educate their employees on password security best practices (such as “strong” passwords that use a combination of letters, numbers, and symbols), this is usually not enough. Relying on single-factor authentication to protect your most valuable digital assets is risky business. After all, it only takes one weak link to compromise the entire system. Because of this, I encourage all of the companies I work with to consider using multi-factor authentication.
Multi-factor authentication—also called MFA, two-factor authentication, three-factor authentication, or TFA—is a form of security authentication that requires a user to present two or more of the three possible authentication factors. In order for the authentication to be complete, the other party (the computer, the website, the building entrance system) must validate each factor after it is presented.
The authentication factors used in multi-factor authentication are identified by the standards and regulations of the U.S. government as knowledge, possession, and inherence. This can be better understood as “something you know,” “something you have,” and “something you are.”
Knowledge: Something You Know
The knowledge factor is perhaps the most commonly used authentication factor in our day-to-day lives. When presenting a knowledge factor in order to authenticate, you must prove that you know a secret, like a password or four-digit PIN. Another common knowledge authentication method is a pattern, in which you must touch or swipe a designated design on a series of cells (commonly used to unlock the screen of a smartphone).
Possession: Something You Have
To authenticate using the possession factor, you must prove that you have something that is required for the authentication process—like a smart card, magnetic stripe card, one-time SMS code, or hardware key fob. The “possession” factor has long been used as a means to protect our homes and belongings (in the form of a key).
Inherence: Something You Are
The inherence factor in authentication requires you to prove who you are using biometrics—a scientific way of saying your unique physical or behavioral characteristics. Using technology, your identity is confirmed by validating your fingerprint, voiceprint, iris, or other unique physical feature.
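The rule described above, as an added example that is not code from the original article: the server validates every presented factor and grants access only when the validated factors come from two or more different categories, so a password plus a PIN still counts as a single factor. The account record, the factor names and the PBKDF2 work factor are constructed assumptions; the one-time code is computed as in RFC 6238.

```python
import hashlib, hmac, struct

KNOWLEDGE, POSSESSION = "knowledge", "possession"  # factor categories from this page
ITERATIONS = 200_000  # assumed PBKDF2 work factor; set per current guidance

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def totp(key, now, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1), as a phone app or key fob computes it."""
    mac = hmac.new(key, struct.pack(">Q", int(max(now, 0) // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def check_secret(user, field, value, now):
    return hmac.compare_digest(kdf(value, user["salt"]), user[field])

def check_totp(user, field, value, now, drift=1):
    ok = False
    for i in range(-drift, drift + 1):  # tolerate one 30-second step of clock drift
        ok |= hmac.compare_digest(totp(user[field], now + 30 * i).encode(), value.encode())
    return ok

VERIFIERS = {  # factor kind -> (category, verifier, user-record field)
    "password": (KNOWLEDGE, check_secret, "password_hash"),
    "pin": (KNOWLEDGE, check_secret, "pin_hash"),
    "totp": (POSSESSION, check_totp, "totp_key"),
}

def authenticate(user, presented, now):
    """True only if every presented factor validates and they span 2+ categories."""
    categories = set()
    for kind, value in presented:
        if kind not in VERIFIERS:
            return False  # unknown factor kinds never count
        category, verify, field = VERIFIERS[kind]
        if not verify(user, field, value, now):
            return False
        categories.add(category)
    return len(categories) >= 2

# Constructed sample account; every value here is illustrative.
USER = {"salt": b"constructed-salt", "totp_key": b"12345678901234567890"}
USER["password_hash"], USER["pin_hash"] = (kdf(s, USER["salt"]) for s in ("correct horse", "4921"))

if __name__ == "__main__":
    for second in (("totp", totp(USER["totp_key"], 59)), ("pin", "4921")):
        print(second[0], authenticate(USER, [("password", "correct horse"), second], 59))
```

A production verifier would also reject reuse of an already accepted code and rate-limit failed attempts.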
Multi-Factor Authentication at the ATM
Chances are, although you may not be familiar with the term “multi-factor authentication,” you’ve been using it for years. Every time you use an ATM, you first insert your debit card (possession: something you have) and then enter your PIN (knowledge: something you know) before starting your transaction.
Multi-Factor Authentication for Businesses
While many businesses and employees may feel comfortable using the single-factor authentication system that they are used to, the switch to multi-factor authentication provides a substantially higher level of security, as it adds another layer of authentication required to access company files and information. In the case of an attempted hack or security breach, this extra layer can prove to be the difference between a compromised and a secure system. Even if someone is able to intercept a password or PIN, in order to access the system they would then need to provide another authentication factor—a token or biometric scan—that an outside intruder would find nearly impossible to present.
With the many “possession” and “inherence” factors that are available today (USB tokens, one-time SMS codes, fingerprint swipes, etc.), using multi-factor authentication doesn’t have to come at the cost of convenience, either. It’s just a matter of finding an additional authentication factor that meets the needs of your business.
The Future of Multi-Factor Authentication
With recent security breaches making headlines and the advancement of token technology, it’s likely that multi-factor authentication will become standard in the near future. Facebook and Google recently added a multi-factor authentication option, and many European financial institutions are already requiring it.
In order to protect your company, or your clients, from risks related to password security, it is essential that you're using multi-factor authentication. To be frank, it's a future-proof authentication security solution.