What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is a method for enhancing the security process through the request of multiple authentication factors from one of four categories: something you know, something you are, something you have, and geolocation.


Multi-Factor Authentication

Relying on passwords alone leaves companies vulnerable to cyberattacks.  Multi-factor authentication (MFA) provides an added layer of security by requesting multiple verification factors to authenticate a digital user’s identity before granting access to applications, accounts, etc.

MFA verification factors come from one of four categories:

  • Something you know: this refers to the standard username and password that users often require to set up and log in to accounts.
  • Something you have: this could be anything from a token or key to a one-time password (OTP) or PIN.
  • Something you are: this refers to biometric authenticators like fingerprint, facial, or iris scans as well as voice recognition.
  • Somewhere you are: this could be your geolocation as well as your timezone. 

If a user fails to authenticate using one of these factors, or if one factor has been compromised, the MFA system can request additional information to verify a user’s identity

Benefits of Multi-Factor Authentication

The clearest benefit of MFA is the added security it offers both customers and companies by eliminating dependence on the password, a weak link in the security chain. However, there are even more advantages:

  • More customer trust: With more and more personal data being shared online and stored in the cloud, users are more vulnerable than ever to potential data breaches. That is why providing added protections to ensure customer information does not fall into the wrong hands creates an added layer of trust between service providers and their users. MFA provides precisely this as well as a clear competitive advantage.
  • Cost savings: Cyberattacks not only diminish customer trust and cause reputational damage, they are also costly to recover from. Having an MFA system in place not only offsets the risks of attacks, it also offsets the expense of recovering data, restoring systems, and potentially paying off ransomware hackers. Furthermore, MFA makes it possible for IT departments to dedicate their valuable time to more critical system and infrastructure questions.
  • Streamlined login process: In order for passwords to offer real protection against hacking, they have to be long and complex. MFA provides the same or greater security without the hassle. Thanks to the integration of technologies like biometric authentication and hardware tokens, authentication is as easy as plugging in a USB stick or looking into your mobile device.

MFA enhances the overall UX by providing a user-friendly approach to security that still offers incredibly strong protections. This helps ensure that users and customers remain loyal to products, services, and companies.

For more information on digital customers' most popular login methods, see our blog.

How Does Multi-Factor Authentication Work?

As mentioned, MFA is a security method that requires users to provide two or more authentication factors to verify their identity before gaining access to data, services, and applications. One of the most common and familiar forms of MFA is two-factor authentication (2FA), which has been around for decades. However, both 2FA and MFA have gained greater traction with the advent of new technologies, like biometric authentication and hardware tokens, which have proven to be reliable and secure factors.

For 2FA and MFA to provide strong protection, at least two distinct factors from the aforementioned categories must be provided for verification and authentication. For example, a password and a fingerprint or a facial scan and a hardware token. Requesting two factors from the same category — for example, a password and a security question — is not considered MFA.

One of the most widely used factors is the one-time password (OTP). This refers to the 4-8 digit code that companies provide via email, SMS, or push notification. They are only generated upon request and on the basis of a user seed value, which is already determined during the initial registration process, and a counter, to avoid duplicate codes.


Nevis Products for Multi-Factor Authentication

FAQ about Multi-Factor Authentication

Why Is Multi-Factor Authentication Important?

orange-plus orange-minus

Multi-factor authentication is important because it provides an extra layer of security beyond a password. Passwords can be easily guessed, stolen or hacked, but MFA requires an additional factor that is much harder to obtain. This makes it much harder for attackers to gain unauthorised access to sensitive information and systems.

How Does MFA Reduce Account Theft?

orange-plus orange-minus

Because MFA does not rely solely on passwords, it can help limit the damage if a password is stolen or compromised. 

More detailed information in our multi-factor authentication glossary.

Which Companies Should Use MFA?

orange-plus orange-minus

Every company that uses user logins should use MFA. It is especially important for sensitive data, such as bank accounts, email accounts or cloud storage.

What Factors Can Be Used for MFA?

orange-plus orange-minus

There are three types of factors that can be used for MFA:

  1. Knowledge: Password, PIN code or answers to secret questions.
  2. Possession: mobile phone, smart card or token
  3. Inherence: fingerprint, facial recognition or iris scan