Multifactor authentication (MFA or 2FA) is a security measure that requires the user to provide two or more forms of identification in order to access a resource, account or system. MFA adds an additional[1] layer of security beyond a password, making it more difficult for an attacker to gain unauthorized access.
Examples of MFA include:
- Something you know (e.g. password) and something you have (e.g. a security token or smartphone)
- Something you know (e.g. password) and something you are (e.g. a fingerprint or facial recognition)
- Something you have (e.g. a security token) and something you are (e.g. a fingerprint or facial recognition)
- A one-time code sent via text message or email and a password
- A biometric authentication such as a fingerprint scan or facial recognition combined with a password.
These examples use a minimum of 2 factors of authentication to validate the identity of the user, thus providing additional security and making it harder for an unauthorized person to gain access.
10 Advantages of 2FA/MFA
- Provides additional layer(s) of security beyond just a password.
- Reduces the risk of account takeover and unauthorized access.
- Helps prevent social engineering attacks.
- Can be used to verify the identity of the user.
- Can be used to authorize access to sensitive information or systems.
- Can be used to detect and prevent fraud.
- Can be used to comply with regulatory requirements.
- Can be used to improve incident response and forensic investigations.
- Increases user awareness of security risks.
- Can be integrated with other security technologies, such as biometrics and encryption.
Methods
Users must keep private not only their passwords and ID factors, but also which methods are used by which systems. In commercial MFA systems, administrators and users can manage these methods[2].