Multi-Factor Authentication, also known as two-factor authentication, is a critical component of any cybersecurity plan, whether you're protecting a Fortune 500 company, a small business, or personal assets.
The first step in recognizing the importance of Multi-Factor Authentication (MFA) is understanding how the technology works.
MFA in the cybersecurity world commonly uses the following factors:
Something you know (e.g. a password or a PIN)
Something you have (e.g. a token generated on a phone or a security key)
Something you are (e.g. a fingerprint or iris pattern)
Combining the Factors
When you log on to a service that utilizes MFA, the process will require that you use two factors from the list above. On many websites, this is commonly a password (the something you know) and a one-time token from an authentication app on your phone (the something you have).
Of course, other combinations also work well. When you enter a Canadian airport with a Nexus card (Global Entry for non-Canadian readers), immigration validates you with MFA. To enter the country, you scan your Nexus card (something you have) and irises (something you are) to validate your identity.
By utilizing multiple factors, the system increases its ability to ensure your identity. It no longer relies on a single factor, which may be easily compromised, to confirm who you are.
On the internet, this additional factor helps prevent many common malicious password attacks:
Brute force attacks. A brute force attack is a scenario where an attacker repeatedly tries to guess your password. With a second factor in place, the attacker would have to get two items right at the same time.
Phishing and Spear Phishing. In these attacks, the attacker attempts to capture your password to access a service. Without access to the second factor, the attacker is blocked and unable to log on and assume your identity.
Credential Stuffing. Attackers take passwords from data leaks and attempt to gain access to other services with your password. This attack is effective because people commonly reuse passwords between services. A second factor makes your reused password less susceptible.
Credential Spraying. Attackers take commonly used passwords and attempt to gain access to many user accounts. While we are optimistic that our readers do not use poor passwords, we acknowledge that a second factor can decrease the risk.
Keylogging. A keylogger is a device or software installed to read the keys that you type on a keyboard. If an attacker retrieves your password with a keylogger, they can use it to enter the same service. The second factor of authentication can prevent that password from being useful.
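The password-plus-authenticator-app login described earlier, and the reason a guessed, leaked or keylogged password alone is not enough, shown as an added example that is not part of the original article. It assumes the authenticator app produces RFC 6238 TOTP codes; the function names, user record layout and sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app displays."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def enroll(password: str, totp_secret: bytes) -> dict:
    """Hypothetical user record: salted password hash plus shared TOTP secret."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_step": -1}

def login(user: dict, password: str, code: str, now: float = None, step: int = 30) -> bool:
    now = time.time() if now is None else now
    # Factor 1, something you know: constant-time compare of password hashes.
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Factor 2, something you have: accept the current 30 s step or the one
    # before it (clock drift), but never a step that was already used.
    current, matched = int(now) // step, None
    for s in (current - 1, current):
        expected = totp(user["totp_secret"], s * step, step)
        if s > user["last_step"] and hmac.compare_digest(expected.encode(), code.encode()):
            matched = s
    if knows and matched is not None:
        user["last_step"] = matched              # the token is one-time: block replay
        return True
    return False                                 # same answer whichever factor failed

if __name__ == "__main__":
    secret = b"12345678901234567890"             # constructed sample (RFC 6238 test key)
    user, now = enroll("correct horse", secret), 1111111109
    print(login(user, "correct horse", "", now))                  # False: password alone
    print(login(user, "guess", totp(secret, now), now))           # False: token alone
    print(login(user, "correct horse", totp(secret, now), now))   # True: both factors
    print(login(user, "correct horse", totp(secret, now), now))   # False: replayed token
```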
Two-factor authentication is a powerful tool to stop preventable attacks that occur daily. We recommend that all readers implement two-factor authentication in their organizations and personal lives immediately.