At Intrinium, we recommend leveraging multi-factor authentication (MFA) or two-factor authentication (2FA) to help secure access to business-critical data. The implementation does not take much heavy lifting and can be rolled out quickly without allocating additional budget. In this short read, we share the benefits of these authentication methods and how they work.
Multi-factor authentication (MFA) is a method of authentication in which a computer user is given access after presenting two or more pieces of evidence, or factors, to an authentication mechanism.
The two or more pieces of evidence or factors could be:
- Knowledge: A piece of information that the user and only the user knows. This could be a security question.
- Possession: Something the user and only the user has.
- Inherence: Something the user and only the user is.
Two-factor authentication (also known as 2FA) is a type of multi-factor authentication. It is a method of confirming a user's claimed identity by confirming a combination of two factors.
The two factors would be a combination of two of the following:
- Something the user knows
- Something the user has
- Something the user is
Two-factor authentication is commonly used in day-to-day life. For example, two-factor authentication is initiated any time you withdraw money from an ATM. It requires you to have something (in this case, an ATM card) along with a PIN (something only you know) to successfully carry out the transaction.
Similarly, applications often supplement a user-controlled password with a code generated or received by an authenticator (a device like a smartphone or security token) that only the user possesses. It could also be a one-time password (OTP) that is sent with a time limit to reduce risk.
Why use MFA or Two-Step verification?
By utilizing either MFA or Two-Step verification, you confirm a user's identity by leveraging information that they know, like a password. That information is then confirmed by a second factor: something they have or something they are. This eliminates the potential risk of someone successfully gaining access to your information or devices simply by stealing credentials or passwords. Often, we see breaches where information (credentials or passwords) is compromised, but the stolen information is of no use unless accompanied by the additional supporting verification. It will give you another layer of security and peace of mind.
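The password-plus-authenticator-code login described above, and the point that a stolen password alone is not enough, as an added example (not Intrinium's code). It assumes the authenticator code is a time-based OTP per RFC 6238, which the article does not specify; `Account` and `login` are hypothetical names.

```python
import hashlib, hmac, os, struct

STEP = 30    # seconds each code is valid for (RFC 6238 default; an assumption here)
DIGITS = 6

def totp(secret: bytes, at: float) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1, dynamic truncation)."""
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    """Hypothetical server-side record: a password hash plus a shared OTP secret."""
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret   # also provisioned on the user's device
        self.last_step = -1              # highest time step already accepted

    def login(self, password: str, code: str, now: float) -> bool:
        # Factor 1, knowledge: constant-time comparison of the password hash.
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Factor 2, possession: accept the current step and one step back (clock drift).
        step_now = int(now) // STEP
        matched = -1
        for step in (step_now, step_now - 1):
            expected = totp(self.totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
                break
        code_ok = matched > self.last_step   # rejects wrong, expired and replayed codes
        if pw_ok and code_ok:
            self.last_step = matched         # each code is usable once
            return True
        return False
```

The secret in the test below is the published RFC 6238 test key, not a real credential.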