In today’s online environment, the primitive “username and password” approach to security is easy prey for cyber criminals. Many log-ins can be compromised in minutes, and private data (such as personal and financial details) is under increasing threat. So, when the best online security practices are being discussed, there’s always someone who brings up either two-factor authentication (2FA) or multi-factor authentication (MFA). This is because more and more online services are recognizing the need to ensure a higher level of security for online accounts. Two-factor authentication and multi-factor authentication add additional levels of user verification during the login process, making it more difficult for attackers to gain access to these accounts.
Authentication Factors
In order to understand the differences between two-factor and multi-factor authentication, you need to first understand the concept behind an authentication factor. An authentication factor is a category of methods for verifying a user’s identity when requesting access to a system. Simply put, it makes sure that they are who they say they are.
Each category is considered a factor. Because a username and a password both belong to the same category (things the user knows), combining them still forms what is known as single-factor authentication (SFA). Overall, authentication factors are generally divided into three categories: knowledge, possession, and inherence factors. Other categories exist, but most online accounts rely on these three.
- Knowledge authentication factor: information that only the user should know (username, password)
- Possession authentication factor: credentials derived from something in the user’s physical possession, usually a hardware device (security token, software token, or mobile phone)
- Inherence authentication factor: an identifiable biometric characteristic of the user (fingerprint, voice, iris scan)
Multi-factor authentication (MFA) is a method of confirming a user’s claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).
Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.
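The following is an added example, not code from the original article, showing how a login service counts factors by category rather than by credential: a username plus password satisfies only the knowledge factor (SFA), and a valid code from a software token (TOTP, RFC 6238) adds the possession factor to reach 2FA. The account record, salt, and password are constructed demo values; the TOTP seed is the RFC 4226/6238 test-vector secret.

```python
import hashlib
import hmac
import struct
from enum import Enum

class Factor(Enum):
    KNOWLEDGE = "something you know"
    POSSESSION = "something you have"
    INHERENCE = "something you are"

# Constructed demo account: password stored as a salted PBKDF2 hash, plus a
# TOTP seed that the user's authenticator app (software token) also holds.
SALT = b"demo-salt"
ACCOUNT = {
    "user": "alice",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery", SALT, 100_000),
    "totp_seed": b"12345678901234567890",  # RFC 4226/6238 test-vector secret
}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is the current 30-second window."""
    return hotp(secret, unix_time // step)

def verify(username: str, password: str, code, unix_time: int) -> set:
    """Return the set of factor categories the presented evidence satisfies."""
    satisfied = set()
    if username == ACCOUNT["user"]:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
        if hmac.compare_digest(candidate, ACCOUNT["pw_hash"]):
            satisfied.add(Factor.KNOWLEDGE)  # username + password together are ONE factor
    if code is not None and hmac.compare_digest(code, totp(ACCOUNT["totp_seed"], unix_time)):
        satisfied.add(Factor.POSSESSION)  # a valid code proves possession of the seeded token
    return satisfied

def strength(factors: set) -> str:
    """Classify by the number of DISTINCT categories, not the number of credentials.
    A biometric check would add Factor.INHERENCE and push the result to three-factor MFA."""
    return {0: "failed", 1: "SFA", 2: "2FA"}.get(len(factors), "MFA")
```

In production the TOTP check would also accept adjacent time windows for clock drift and reject reuse of a code within its window; those details are omitted here to keep the factor-counting logic visible.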
When should I use MFA?
Stopping all online crime is not a realistic goal, but simple steps can massively reduce the likelihood you’ll be the next victim.
You should use MFA whenever possible, especially when it comes to your most sensitive data—like your primary email, your financial accounts, and your health records. While some organizations require you to use MFA, many offer it as an extra option that you can enable—but you must take the initiative to turn it on.