Multi-factor authentication (MFA) is a security process in which a user is granted access to a computer system or application only after successfully presenting two or more different authentication factors. These factors fall into three main categories:
- Something you know
- Do you have anything
- You are something
Something You Know: Contains knowledge-based information that only the user as should know. For example password, PIN and security question. Users must provide this information along with at least one other factor for authentication.
Something you have: This requires the user to have a physical object or device in addition to their password or PIN. Common examples include:
Smartphone: Receive one-time password (OTP) via text message or mobile app.
Authentication Token: Small hardware device that generates time-based OTPs.
Smart Card: Embedded with a chip that stores cryptographic keys or certificates.
You are something: This factor depends on the biometric characteristics specific to the individual. Examples of this include:
Fingerprint Recognition: Scanning and matching the user’s fingerprint.
Facial Recognition: Scanning and matching a user’s facial features.
Iris or retina scan: Analyzing unique patterns in the user’s eyes.
MFA significantly enhances security compared to traditional single-factor authentication (typically relying only on a username and password). Even if a malicious actor were successful in obtaining a user’s password, they would still need access to additional authentication factors to gain entry, making unauthorized access more challenging.
MFA is widely used in a variety of applications and services, including email accounts, online banking, corporate networks, and cloud services, to provide an additional layer of security against unauthorized access and data breaches. It plays a vital role in improving overall cyber security and is recommended for anyone looking to secure their digital accounts and information
Some commonly used MFA are google authenticator and Microsoft authenticator
For more security related contents check out our blog.