What is Multi-Factor Authentication (MFA)?
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
One of the most common MFA factors that users encounter are one-time passwords (OTP). OTPs are those 4-8 digit codes that you often receive via email, SMS or some sort of mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value.
What are the pros and cons of MFA?
Multifactor authentication was introduced to harden security access to systems and applications through hardware and software. The goal was to authenticate the identity of users and to assure the integrity of their digital transactions. The downside to MFA is that users often forget the answers to the personal questions that verify their identity, and some users share personal ID tokens and passwords. MFA has other benefits and disadvantages.
Pros:
- adds layers of security at the hardware, software and personal ID levels;
- can use OTPs sent to phones that are randomly generated in real time and is difficult for hackers to break;
- can reduce security breaches by up to 99.9% over passwords alone;
- can be easily set up by users;
- enables businesses to opt to restrict access for time of day or location; and
- has scalable cost, as there are expensive and highly sophisticated MFA tools but also more affordable ones for small businesses.
Cons:
- a phone is needed to get a text message code;
- hardware tokens can get lost or stolen;
- phones can get lost or stolen;
- the biometric data calculated by MFA algorithms for personal IDs, such as thumbprints, are not always accurate and can create false positives or negatives;
- MFA verification can fail if there is a network or internet outage; and
- MFA techniques must constantly be upgraded to protect against criminals who work incessantly to break them.
What's the Difference between MFA and Two-Factor Authentication (2FA)?
MFA is often used interchangeably with two-factor authentication (2FA). 2FA is basically a subset of MFA since 2FA restricts the number of factors that are required to only two factors, while MFA can be two or more.
What is MFA in Cloud Computing
With the advent of Cloud Computing, MFA has become even more necessary. As companies move their systems to the cloud they can no longer rely upon a user being physically on the same network as a system as a security factor. Additional security needs to be put into place to ensure that those accessing the systems are not bad actors. As users are accessing these systems anytime and from anyplace MFA can help ensure that they are who they say they are by prompting for additional authentication factors that are more difficult for hackers to imitate or use brute force methods to crack.
Why is multifactor authentication important?
One of the biggest shortcomings of traditional user ID and password logins is that passwords can be easily compromised, potentially costing organizations millions of dollars. Brute-force attacks are also a real threat, as bad actors can use automated password cracking tools to guess various combinations of usernames and passwords until they find the right sequence. Although locking an account after a certain number of incorrect login attempts can help protect an organization, hackers have numerous other methods for system access. This is why multifactor authentication is so important, as it can help reduce security risks.