Multi-factor authentication (MFA) is a security measure that requires users to verify themselves with additional evidence alongside their username and password when signing in to an account.
MFA is normally triggered when a user tries to sign in from a new location, device, or application. If it deems their attempt suspicious, the user may need to provide further authentication factors.
The main types of MFA factors include:
1. Knowledge – something a user knows
- Password or PIN (these can also be possessions)
- Answer to a security question
2. Possession – something a user has
- One-time passwords (e.g., email links, SMS codes, push notifications, authenticator apps)
- Physical security keys like access badges and USB devices
- Software tokens and certificates
3. Inherence – something a user is
- Fingerprints
- Voice recognition
- Facial recognition
- Other types of biometric authentication
Adaptive MFA
Adaptive MFA is a more recent method that verifies a user’s identity based on their behavior – often in relation to a certain business context. It can authenticate users based on the time and location of their sign-in attempt (which can be compared with a work schedule, for example), their IP address and device type, and more.
Why is MFA important?
Usernames and passwords are needed to access many websites and applications, but they don’t necessarily prove someone’s identity. Usernames are often just email addresses, and passwords can be stolen by attackers anywhere in the world using techniques like phishing, brute force, credential stuffing, and keylogging. Putting a user’s identity (and therefore their money, data, communications, and contact details) in the hands of a single password is extremely risky.
This is why MFA is crucial for identity security. Even if an attacker steals a user’s account details, MFA puts another roadblock in the way before they can gain access. MFA factors are more complex and personalized than passwords, making them harder to crack, and they’re time-limited, which renders them useless should an attacker eventually find a way to compromise them.
MFA and identity security
MFA is a vital component of identity security. Yet, many companies – even tech giants like Microsoft – still fail or forget to use it, leaving sensitive assets and privileges exposed. Identity and access security solutions like Rezonate integrate with MFA across an organization’s IT system to make sure these authentication cracks are sealed. Rezonate can proactively monitor user activity, grant or deny access rights, and establish session controls and trust relations, offering a strong layer of security against even the most determined attackers.
