What is MFA (Multi-factor Authentication)?

Multi-factor authentication is the use of two or more different identifiers to prove you are the person who has the right to access a resource. The goal of MFA is to create a layered defense that makes it more difficult for an unauthorized person to access a target, such as a physical location, computing device, network, or database. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target. 

There are four types of commonly used factors: 

1. Something you know – This would be something that could be memorized, like a password or pin number.

    

2. Something you have – A physical object used for authorization, like a smart card or key fob.
    
3. Something you are – Biometric identification, like a fingerprint reader, retina scanner, or facial recognition.

    

4. Something you do – Less common. This is based on observed actions, like gestures or touches on a smartphone.  

To be considered multi-factor, you must authenticate using at least two distinct categories. A common example would be a PIN (something you know) and a smart card (something you have). However, using a thumbprint scanner and facial recognition would not qualify because they are both “something you are.”  

The most used multi-factor method used today is a complex password paired with an authenticator application on your phone. The authenticator app will provide either a randomly generated and temporary PIN or use biometrics. 

Here are four potential pros and four potential cons of multi-factor authentication (MFA): 

Pros: 

1. Increased security: MFA adds an extra layer of security beyond just a password, making it more difficult for unauthorized users to access your accounts.

    

2. Protection against password breaches: MFA can help protect against password breaches, which are common occurrences. Even if a hacker has obtained your password, they still need the additional factor to gain access.

    

3. Compliance: MFA is often required by regulatory standards for certain types of sensitive data or industries. By implementing MFA, organizations can ensure compliance with these standards.

    

4. Convenience: Some MFA methods, such as biometric authentication or push notifications, can be more convenient for users than remembering and entering complex passwords. 

Cons: 

1. User experience: Depending on the type of MFA used, it can add an additional step to the login process, which can be frustrating for users.

    

2. Implementation complexity: Implementing MFA can be complex, particularly for organizations with multiple systems and applications. This can require significant resources and expertise.

    

3. Cost: Some MFA solutions can be expensive to implement, particularly if they require hardware tokens or other specialized equipment.

    

4. Reliance on additional devices: Some types of MFA, such as one-time passcodes sent to a mobile phone, require users to have an additional device available, which can be inconvenient if the device is lost, stolen, or out of battery. 

Overall, the benefits of MFA typically outweigh the potential drawbacks, but it is important to carefully consider the specific requirements and potential tradeoffs before implementing any security solution. And utilizing award-winning security practice from companies like Versetal can enable an organization to take their security to the next level, without the cost associated with operating it in-house.  

Learn more about how we can help your organization build, manage, and maintain the most secure IT environment for your business with our award-winning security practice.