What is MFA and why is another layer of security needed?

Multi-factor authentication, also known as MFA, is a security technology that requires authentication methods from different, independent categories of credentials in order to verify the identity of users when they log in or perform some other transaction.

MFA combines two or more credentials that are independent of each other; the credential most users know is a password or key.

The MFA objective

The main objective of MFA is to create a layered defense that makes it difficult for an unauthorized person to enter a site, whether it is a physical location, a computing device, a network or a database.

When one factor is compromised or broken, the attacker still has one or more barriers to break through before successfully reaching the target.

Previously, MFA systems generally relied on two-factor authentication. More recently, many vendors use the multifactor label to describe whatever authentication scheme is required.

The importance of having a multifactor authenticator

Logging in with user IDs and passwords has a major flaw: passwords can be easily observed and so compromised, and for a large organization that could cost millions of dollars.

Brute-force attacks are also a real threat, as many criminals use automated password cracking tools to guess different combinations of usernames and passwords until they find the correct ones.

Locking an account after a certain number of wrong password attempts at login helps the organization only a little, because hackers have several other methods to access the system.

That is why MFA is very important, as it will help us to reduce all security risks.

Authentication methods

An authentication factor is a category of credential that is used to verify identity.

When using MFA, each additional factor is meant to increase the assurance that an entity engaging in some communication or requesting access to a system is who it claims to be.

Therefore, using multiple ways of authentication makes it more difficult for hackers to do their job.

The three most common categories of authentication factors are described as something you know (the knowledge factor), something you have (the possession factor) and something you are (the inherence factor).

MFA works when two or more factors from the categories we already mentioned are combined.

The knowledge factor

This authentication is based on knowledge, which requires the user to answer a personal security question. Knowledge factor technologies almost always include passwords, four-digit personal identification numbers (PINs) and one-time passwords.

Typical user scenarios include the following:

Swiping a debit card and then entering the PIN at the supermarket checkout.

Having to download a virtual private network client with a valid digital certificate to log into a VPN before you can access any network.

Giving information such as the mother’s name or the person’s previous address in order to access the system.

The possession factor

Users must have something specific in their possession to log in to their account, such as a badge, a key fob, a wristband or a phone’s subscriber identity module (SIM) card.

For mobile authentication, a smartphone most often provides the possession factor, together with an OTP application. Possession factor technologies include the following:

Security tokens are small hardware devices that can store all of a user’s personal information and are used to electronically authenticate the person’s identity.

This type of device could be a smart card, a chip embedded in some object or a wireless tag.

A software-based security token application generates a single-use login PIN.

These are used for mobile authentication, where the device will provide possession factor authentication.

The biometrics factor

This factor uses any biological trait that the user has in order to log in. Inherence technologies include the following methods of biometric verification:

The components of a biometric device include a database, a reader, and software that converts the scanned biometric data into a standardized digital format and compares the match points of the observed data with the data that has already been stored.

Are they needed on all websites?

On the question “Do you need MFA for all websites?”: yes, you do need to use MFA to authenticate all valuable accounts, i.e. the ones you don’t want to be compromised.

Many Internet users may have access to hundreds of websites, but not every page we find there has the same importance as another. An example would be an e-mail account that was created just to go to a site for the first time.

Therefore, if we want to implement MFA we must do it on websites that we use frequently and that may have a lot of valuable information for us.