What is Multi-Factor Authentication (MFA)?

How MFA prevents attacks from cybercriminals

What does MFA mean?

How does Multi-Factor Authentication work?

Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. It is a critical component of identity and access management (IAM). Rather than just asking for a username and password, MFA requires other—additional—credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.

What is MFA? What is MFA?

MFA is an effective way to provide enhanced security. Traditional usernames and passwords can be stolen, and they’ve become increasingly more vulnerable to brute force attacks. MFA creates multiple layers of security to help increase the confidence that the user requesting access is actually who they claim to be. With MFA, a cybercriminal may steal one credential but will be thwarted by having to verify identity in a different manner.

Examples of Multi-Factor Authentication include using a combination of these elements to authenticate:

  • Codes generated by smartphone apps
  • Badges, USB devices, or other physical devices
  • Soft tokens, certificates
  • Fingerprints
  • Codes sent to an email address
  • Facial recognition
  • Retina or iris scanning
  • Behavioral analysis
  • Risk score
  • Answers to personal security questions

Types of authentication factors

When it comes to MFA, we typically refer to three types of authentication factors:

  • Things you know (knowledge), such as a password or PIN
  • Things you have (possession), such as a badge or smartphone
  • Things you are (inheritance), indicated through biometrics, like fingerprints or voice recognition

The latest MFA solutions incorporate additional factors by considering context and behavior when authenticating. For example:

  • Where you are when trying to obtain access, such as a cafe or home
  • When you are trying to access, like late at night or during the workday
  • What device you’re using, such as a smartphone versus a laptop
  • What kind of network are you accessing, like private or public

Often called Adaptive Authentication, this type of MFA leverages artificial intelligence (AI) and machine learning to flag logins that are out of the ordinary and adjust enforcement of MFA based on the level of risk. When a user exhibits atypical behavior such as logging in from a new location or unusual time, adaptive authentication tightens security by requesting additional authentication factors, such as an email verification code or biometric verification.

Conversely, it can also reduce or remove the MFA requirement if the login exhibits typical user behavior. This allows admins to both enable quick access and mitigate additional security risk when employees and executives work remotely.

For example, if a user decides to login from a cafe during their lunch break—and this is not typical for that user—the MFA tool may require the user to enter a code texted to the user’s phone to verify they are who they say they are. If this then becomes a regular occurrence, the risk engine will eventually learn that user’s behavior and stop requiring submission of an additional authentication factor, if enabled by the admin.

Adaptive MFA Adaptive MFA

In either context, adaptive authentication makes remote work more convenient–by learning that user’s behavior overtime–without compromising on security. All in all, MFA provides that critical layer of security and leveraging AI for risk-based authentication improves security while minimizing disruptions for end users.

Related Resources:

AI-Powered Multi-Factor Authentication (MFA) for Remote Work

Download the ebook to find out how you can use AI-powered multi-factor authentication (MFA) to help protect your company.

Learn More

What Type of Attacks Does MFA Prevent?

See how MFA can protect against many different, common types of cyberattacks.

Read More

MFA Solution Checklist

Find out what to look for in a Multi-Factor Authentication solution.

View Checklist

The Evolution of Multi-Factor Authentication

Learn how authentication evolved from simple usernames and passwords to adaptive MFA in this fun infographic.

See Infographic