Multi Factor Authentication

Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication. A good example from everyday life is withdrawing money from a cash machine; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out.

In 2017, some form of multi-factor authentication is no longer optional or a nice-to-have. It’s mission-critical. The most common form of MFA is probably phone-based verification. You enter a request, fill out your username and password, and then as a last step, you enter a PIN code that’s been sent to your phone. Employees aren’t always thrilled about having to constantly use their phone to access their various user accounts. There’s a solution to that, too: you probably don’t always have to have MFA enabled. If you’re not a bank or hospital or other holder of sensitive information, you can be flexible with where you enable MFA.

For example, you could enable it only for logins from unfamiliar locations, a great method for preventing the CEO scam shown above, or for other unusual patterns of behavior. All real security is about compromise: finding a happy medium between safety and mobility, McDonald says.
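
The conditional approach described above, prompting for a second factor only on logins from unfamiliar locations or with unusual patterns, can be sketched as a step-up decision function. This is an added example, not code from the original article; the `Profile` and `Login` schemas, the reason strings, the user names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Profile:                       # per-user baseline (hypothetical schema)
    always_mfa: bool = False         # e.g. accounts that hold sensitive data
    networks: tuple = ()             # CIDR ranges the user normally logs in from
    countries: frozenset = frozenset()
    hours_utc: range = range(0, 24)  # hours in which the user normally logs in

@dataclass
class Login:
    user: str
    source_ip: str
    country: str
    hour_utc: int

def mfa_reasons(login, profiles):
    """Return why this login needs a second factor; an empty list means password only."""
    profile = profiles.get(login.user)
    if profile is None:
        return ["no baseline for user"]              # fail closed
    reasons = []
    if profile.always_mfa:
        reasons.append("account always requires MFA")
    try:
        ip = ip_address(login.source_ip)
        if not any(ip in ip_network(n) for n in profile.networks):
            reasons.append("unfamiliar network")
    except ValueError:
        reasons.append("address could not be parsed")  # fail closed
    if login.country not in profile.countries:
        reasons.append("unfamiliar country")
    if login.hour_utc not in profile.hours_utc:
        reasons.append("unusual login hour")
    return reasons

# Constructed sample data: documentation IP ranges and made-up users.
PROFILES = {
    "alice": Profile(networks=("192.0.2.0/24",), countries=frozenset({"GB"}),
                     hours_utc=range(7, 19)),
    "cfo": Profile(always_mfa=True, networks=("192.0.2.0/24",),
                   countries=frozenset({"GB"})),
}

if __name__ == "__main__":
    for attempt in (Login("alice", "192.0.2.44", "GB", 9),
                    Login("alice", "203.0.113.9", "RO", 3),
                    Login("cfo", "192.0.2.10", "GB", 10)):
        print(attempt.user, attempt.source_ip,
              mfa_reasons(attempt, PROFILES) or "password only")
```

Any non-empty result means the login flow should demand the second factor before issuing a session; missing baselines and unparseable addresses are treated as unfamiliar rather than trusted.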