Multi-factor authentication (MFA) is an IT authentication technique that requires a user to present at least two factors that prove their identity.
Why Use MFA?
Cybercriminals have more than 15 billion stolen credentials to choose from. If they choose yours, they could take over your bank accounts, health care records, company secrets, and more.
Multi-factor authentication is important, as it makes stealing your information harder for the average criminal. The less enticing your data, the more likely that thieves will choose someone else to target.
As the name implies, MFA blends at least two separate factors. One is typically your username and password, which is something you know. The other could be:
- Something you have. A cellphone, keycard, or USB could all verify your identity.
- Something you are. Fingerprints, iris scans, or some other biometric data prove that you are who you say you are.
Adding this secondary factor to your username/password protects your privacy. And it’s remarkably easy for most people to set up.
Do Passwords Offer Enough Security?
We all use passwords to gain entry into our email systems, work databases, and bank accounts. We are usually forced to change our combinations periodically in the hopes that we'll stay just a bit safer. But the truth is that, on their own, passwords no longer provide an appropriate level of security.
Consider Google. One password gives access to:
- Email. The messages you've sent, those you've received, and the accounts you talk to are all stored in the system and protected with only a password.
- Calendars. Information about who you've met, where you were, and what you did are all linked to a password.
- YouTube. Your password unlocks your viewing history, your uploads, and records about videos you enjoyed.
- Other web apps. Use your Google account to connect to other online resources, such as Hootsuite or Salesforce, and your password could reveal a great deal of data.
In 2017, Google admitted that hackers steal almost 250,000 web logins each week. That number could be even higher now. And each incident can be incredibly dangerous.
When we think about data breaches, we often think about bank accounts and lost money. But the health care sector is also a common target for hackers. Once inside, people can change your medical records to bill fraudulent companies and make money. An altered record is incredibly difficult to change, and it could impact your health care and credit going forward.
Companies are recognizing these risks and acting accordingly. More than 55 percent of enterprises use MFA to protect security, and that number rises each year. If you haven't considered this technique, it's time to start.
How Does MFA Work?
Most MFA systems won't eliminate usernames and passwords. Instead, they layer on another verification method to ensure that the proper people come in and the thieves stay out.
A typical MFA process looks like this:
- Registration: A person links an item, such as a cellphone or a key fob, to the system and asserts that this item is theirs.
- Login: A person enters a username and password into a secure system.
- Verification: The system connects with the registered item. Phones might ping with verification codes, or key fobs might light up.
- Reaction: The person completes the process with the verified item. Entering verification codes or pushing a button on a key fob are common next steps.
Some systems demand this verification with each login, but some systems remember devices. If you always use the same phone or computer to log in, you may not need to verify each visit. But if you attempt to log in on a new computer or during an unusual time of day, verification might be required.
MFA may seem simple, but it's remarkably effective. Microsoft says, for example, that MFA blocks nearly 100 percent of account hacks. This one tiny step could protect your security in a huge way.
Benefits of Multi-Factor Authentication
Countless organizations have adopted MFA, given the realities of today’s security landscape and regulations.
With compliance standards like GDPR and NIST requiring sophisticated security policies, MFA’s presence will only continue to become more widespread. But given its ease of use and the protection it provides, this only stands to benefit employees and IT teams alike.
What’s behind the pervasiveness of MFA? There are several reasons for MFA’s ubiquity in today’s corporate world.
MFA Enables Stronger Authentication
Risk reduction is critical for organizations, which is why multi-factor authentication is growing exponentially. In a world where credential harvesting is a constant threat and over 80 percent of hacking-related breaches are caused by stolen or weak passwords, this kind of bulletproof authentication solution is essential.
With MFA, it’s about granting access based on multiple weighted factors, thereby reducing the risks of compromised passwords. It adds another layer of protection from the kinds of damaging attacks that cost organizations millions.
A security breach caused by a weak user password would understandably have huge consequences for both the company and the customers who trust it.
MFA Adapts to the Changing Workplace
As the workplace changes and more employees work outside the office, companies require more advanced MFA solutions to manage more complex access requests. Enter Adaptive MFA.
Where multi-factor authentication offers multiple layers of protection, adaptive multi-factor authentication evaluates the risk a user presents whenever they request access to a tool or information, looking at details like the user’s device and location for context.
For example, an employee logging in from the company premises is in a trusted location and may not be prompted for an additional security factor. But if that same employee logs in from a coffee shop, uses their personal mobile phone to check work emails, or connects over an unsecured WiFi network, they may be prompted to verify an additional factor because they are utilizing an untrusted location, device, or connection.
Adaptive MFA also allows for dynamic policy changes and step-up authentication — significant controls in securing critical data. For instance, users may be prompted for a higher assurance second factor (or even a third factor) before obtaining access to deeply sensitive information, such as customer data in Salesforce.
MFA Offers Security Without Compromising User Experience
Passwords are a headache to remember — the more users need to remember, the lazier their password habits become. Moreover, it’s important to avoid weighing IT teams down with password resets after they’ve implemented more stringent password policies to protect the company.
MFA secures the environment, the people in it, and the devices they’re using without requiring cumbersome resets or complicated policies. Organizations can also make it easier for users by providing them with a variety of factors to choose from or by only requiring additional factors when necessary.
With MFA’s simple deployment and management as well as its integration with a broad range of applications, IT teams are freed up and can focus this time on more strategic tasks.
Try Okta Free
Security comes standard for all Okta Single Sign-On customers, which now includes Okta Verify One-Time Password protection.
Learn how adaptive MFA could be right for your organization today. Try Okta free for 30 days.
References
New Dark Web Audit Reveals 15 Billion Stolen Logins From 100,000 Breaches. (July 2020). Forbes.
Google Says Hackers Steal Almost 250,000 Web Logins Each Week. (November 2017). CNN.
You've Been Breached: Hackers Stole Nearly Half a Billion Personal Records in 2018. (February 2019). NBC.
More Enterprises Use Multi-Factor Authentication to Secure Passwords. (October 2019). Security.
Back to Basics: Multi-Factor Authentication (MFA). (December 2019). National Institute of Standards and Technology.
Microsoft: Using Multi-Factor Authentication Blocks 99% of Account Hacks. (August 2019). ZD Net.