Multi-Factor Authentication (MFA)

What is Multi-Factor Authentication

Multi-factor authentication is the process by which a user verifies their identity to a system using more than one means (factors) of proving who they are. While there are various ways of implementing multi-factor authentication, they all serve the same goal of only allowing fully trusted users to access sensitive organizational data. This data, such as cloud-based email, is exposed to the internet 24/7/365. MFA is by far the best way of protecting this data, as password leaks and password guessing have long been the most effective (and often most devastating) means for hackers to gain access to a network.

What is a Factor of Authentication?  

You may ask yourself, what is a factor of authentication? Put simply, a factor of authentication is commonly thought of as an identification method that is part of one of the following “categories”.

• Something you know.
• For example, a password, PIN, pattern, or phrase.
• Something you have.
• Such as a smartcard, cellphone, or USB stick.
• Something youare.
• This would include biometrics such as voice, face, or fingerprint recognition.
• Somewhere you are.
• Such as a trusted physical or logical location, using GPS or IP address data.

As you can see these categories contain numerous means of proving your identity. Such as using your cell phone to receive a text message when logging in, which can be assumed to only be in the possession of a trusted user. Multi-factor authentication, sometimes referred to as MFA, is a matter of choosing authentication methods from more than one category. It is important to keep in mind that MFA relies on choosing multiple methods, which must fall into separate categories (factors). For example, remembering a password and a PIN, while being multiple methods, would only be considered Single-factor authentication, since both could be guessed, and neither proves someone’s identity on its own.

What Are Examples of Good MFA Security 

A great example of using strong MFA security would be the use of Microsoft multi-factor authentication. When a user attempts to access a computer (or Office 365 account) with MFA enabled, they will first be prompted for a password (that ideally only they would know). Once the password is checked by the computer it is proven correct, the user would then be sent a text message to their cell phone with a one-time PIN to enter, in addition to the password. This makes it nearly impossible for someone who knows the password (1st factor) but does not have access to the trusted user’s cell phone (2nd factor) to gain access to the system.

How Easy is it to hse MFA Security

Most people are familiar with this sort of MFA security, as it is often used to access services like bank accounts and other sensitive online portals. What most people don’t know though, is just how effective and easy it can be to set up a solid MFA security solution for their corporate environment. With applications dedicated to implementing MFA such as Microsoft’s Authenticator application or third-party applications such as DUO, MFA can be implemented for a corporate environment or Office 365 tenant with minimal interruption to users. PIN codes are stored within a secure phone application and there is no need to wait for a phone call, email, or text message. Users simply enter a secure password (something they know) and the PIN from their MFA application (something they have), and they can be securely logged into the system.