What is multifactor authentication (MFA)?
Multi-factor authentication (MFA), or strong authentication, is a security mechanism that requires two or more validation factors to prove a user’s identity. Most often, it is used when connecting to a network, application or other resource, so that access does not rely on a simple username and password combination.
Why use multifactor authentication (MFA)?
MFA to protect from cyberattacks
Multi-factor authentication, or strong authentication, is primarily known for providing an additional defence and making it more difficult for an unauthorised person to gain access to a network or database. By implementing a robust MFA solution, data and IT resources can be instantly secured against identity theft, account spoofing and phishing. As such, businesses use MFA to control access to internal IT systems and solutions, as well as for B2C applications.
A way to adapt to the changing workplace
For organisations undergoing a digital transformation, multifactor authentication is an excellent way to promote employees’ mobility and productivity. By using MFA either to access corporate applications or to connect to the network via a VPN, employees are not tied to the office and can choose their preferred devices, which gives organisations highly valued flexibility. Check out our article on the Deviceless MFA technology, which enables multifactor strong authentication without any device (smartphone, tablet or physical key).
Comply with regulatory constraints with a multi-factor authentication solution
Data regulation is becoming increasingly rigorous, leading to significant compliance issues in data management and protection. MFA can be essential to comply with regulatory requirements in some industries and/or jurisdictions. For example, it can help healthcare providers comply with HIPAA and is a key part of the PSD2 directive for meeting strong customer authentication (SCA).
MFA to simplify the login user experience
In the digital world, it is a given that enhancing the security of a system inevitably involves a degradation of the user experience. Yet, by choosing the right multifactor authentication (MFA) solution, you can simplify the day-to-day login experience by allowing users to connect very quickly and easily, from any device, anywhere. Check out our article on passwordless multifactor authentication (MFA).
How does MFA work?
Instead of asking for the traditional “ID + password”, MFA requires the user to provide additional verification information, called “authentication factors”, to ensure that they are who they say they are.
MFA requires a combination of at least two factors, each coming from a different category:
- Something they know (knowledge), such as a password, a passphrase or a PIN code
- Something they have (possession), such as a device (smartphone, laptop, etc.), physical tokens, key fobs and smartcards
- Something they are (inherence), such as fingerprints, voice or facial recognition, and any other kind of biometrics
As MFA integrates machine learning and artificial intelligence (AI), some count new authentication factors, including location-based and behavior-based factors. However, these verification methods are part of what we call “Adaptive MFA”.
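The category rule above, as an added example (not code from the original page or from any product): a Python check that counts distinct factor categories among the authenticators a user has verified, so that a password plus a PIN does not pass as MFA. The authenticator names, the `evaluate_mfa` function and the choice to record location and behavior as context rather than as factors are assumptions made for illustration.

```python
from enum import Enum

class Category(Enum):
    KNOWLEDGE = "something they know"
    POSSESSION = "something they have"
    INHERENCE = "something they are"

# Constructed mapping of authenticator names to the three categories listed above.
# The names are illustrative assumptions, not a product's identifiers.
AUTHENTICATORS = {
    "password": Category.KNOWLEDGE,
    "passphrase": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "smartphone": Category.POSSESSION,
    "key_fob": Category.POSSESSION,
    "smartcard": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
    "voice": Category.INHERENCE,
    "face": Category.INHERENCE,
}

# Assumption: adaptive signals inform a risk decision but are not counted
# as one of the required factors in this check.
ADAPTIVE_SIGNALS = {"location", "behavior"}

def evaluate_mfa(verified, required=2):
    """Return (ok, categories, context) for successfully verified authenticators."""
    categories, context = set(), []
    for name in verified:
        key = name.strip().lower()
        if key in AUTHENTICATORS:
            categories.add(AUTHENTICATORS[key])
        elif key in ADAPTIVE_SIGNALS:
            context.append(key)
        else:
            # Fail closed: an unrecognised authenticator is an error, not a factor.
            raise ValueError(f"unknown authenticator: {name!r}")
    return len(categories) >= required, categories, context

if __name__ == "__main__":
    for attempt in (["password", "pin"], ["password", "location"],
                    ["password", "smartphone"], ["smartcard", "fingerprint", "pin"]):
        ok, cats, context = evaluate_mfa(attempt)
        print(attempt, "->", "MFA satisfied" if ok else "not MFA",
              sorted(c.name for c in cats), "context:", context)
```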
How effective is multi-factor authentication?
According to Microsoft, MFA blocks more than 99.9% of account compromise attacks. You will often hear that MFA is a critical component of Zero Trust security. While it is relatively easy to obtain a user’s credentials through attacks such as phishing or credential stuffing, multifactor strong authentication makes it nearly impossible for hackers to obtain the second authentication factor.
How to choose the right solution?
Not all strong authentication solutions are the same because the technologies used are often very different. There are several criteria to consider when evaluating the security and user experience promised by the different solutions.