Multi-Factor authentication otherwise known as MFA or 2FA means that you need more than one credentials to get access to your IT resources such as your applications, systems, files, or networks. Username and password as security credentials are more likely to be vulnerable to brute force attacks and they can be hacked or cracked by hackers. We can add extra security to our resources using Multi-Factor authentication. MFA enhances the security of the system by authorized users using more than one credentials. If a hacker hacks your password, he will not be able to get into your system unless and until he provides secondary credentials generated by a multi-factor authentication device. Multi-Factor authentication involves authentication factors to authorize a user along with a username and password. That authentication factor may be a hardware, a software program, a location where you are, a specific time window, or something you can remember just like your username and password. Some of the compatible Multi-Factor authentication programs which you can use after installing them into your mobile phone are listed below.
- Google Authenticator
- LetPass Authenticator
- Okta Verify
- Free OTP
Some other authenticators, which are not listed above may also be compatible.
Difference between MFA and 2FA
So what’s the difference between 2FA and MFA? Securing your data in such a way that it will be accessible when you provide extra credentials other than your username and password. You get access to your data if and only if you prove your identity using separate credentials generated by different methods.
2FA is a subset of MFA. In 2 Factor Authentication, a user is required to provide exactly two authentication credentials one of them being a simple password and another being an authentication token generated by any 2FA device.
Authentication Factors in MFA
Authentication Factors are different methods of using multi-factor authentication to make your resources more secure. The following are some categories that can be used as Multi-Factor authentication factors.
- Knowledge: Authentication Factor may be something a user knows or memorizes just like his username and password. Security questions are the best example of knowledge as an authentication factor.
- Possession: The authentication factor may be something a user is the owner of. For example, a code sent to your smartphones or any other hardware device.
- Inherence: The inherence factor also known as a biometric identifier is a category that involves something that is inherent to a user like a fingerprint, retina or voice, etc.
- Time: The authentication factor may be a time window during which a user can prove his identity. For example, you can set a specific time window to access your system, and other than that time span, no one will be able to access the system.
- Location: This type of authentication factor involves the physical location of the user. In this case, you set your system to determine your physical location and your system can only be accessed from a specific location.
How Multi-Factor Authentication Works
In this section, we will discuss how all the authentication factors work listed above.
The knowledge factor is just like a username and password that a user has to remember and provide to access his IT resources. Setting a security question or secondary credentials to your resources can make the security of your resources more stronger as anyone will no longer be able to access your resources without providing that extra credentials even if they have your username and password. Missing that secondary credential may lead to losing your resources permanently.
In this case, a user has a third-party hardware device or a software program installed on his smartphone to generate a secondary credential. Whenever you try to access your system, it will ask for the secondary credential and you will have to provide that secondary credential generated by a third-party module you have, to access your system. SMS authentication token and Email authentication token are different types of authentication using the possession factor. Anyone having access to your MFA device may access your system so you have to take care of the MFA device.
In this category, you use something that is inherent to you, as a secondary credential. Using fingerprint scans, voice recognition, retinal or Iris scans, facial scans, and other biometric identifications as secondary credentials are the best examples of the Inherence Factor. It is the best method to secure your resources using Multi-factor authentication.
You can also use Time as an authentication factor to secure your IT resources. In this scenario, we specify a specific time window during which we can access our resources. Outside that specific time window, your resources will no longer be accessible. This kind of factor is useful when you have to access your resources during a specific time only. If you need to access your resources randomly, then this factor is not suitable.
To make your application and other IT resources more secure, you can also use Location-based multi-factor authentication. In this type of authentication, you can block or give access to different users from different network locations. This type of authentication can be used to block access from different regions or countries where you know traffic should not come from. This type of authentication factor sometimes can be cracked easily by changing IP addresses so this type of authentication may fail.
With the increase in the IT industry, saving user data securely is a big challenge for organizations. Where network administrators are trying to make their networks more secure, new algorithms are also being designed to save user credentials securely. Sometimes traditional usernames and passwords are not enough to block unnecessary access to your data. Hackers find a way to a database and they take user credentials and it can reduce a user’s confidence in the traditional way of securing the user’s credentials. So here comes multi-factor authentication to make sure that no one will be able to access a user’s data except him. Adding multi-factor authentication to your application shows how much you care about your customers’ security and take it seriously.
About the author
A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14