Page Comparison

Multi-factor authentication, or MFA as it’s commonly abbreviated to, adds an extra step to your basic log-in procedure for one of your online accounts. Without MFA, you enter in your username and password, and then you’re done. The password is your single factor of authentication. The extra factor makes your account more secure. Multi-factor authentication is any number of factors more than one.
MFA requires the user to have two or more types of credentials before being able to access an account. Using two of the same type of authentication is not multi-factor.

The three types are:

• Something you know, such as a personal identification number (PIN), password or a security question (what is the name of your first pet?)

• Something you have, such as an ATM card, phone, or key fob (a small security device with built-in authentication)

• Something you are, such as a fingerprint, retinal pattern, or voice print. These factors are called biometrics.

Why is multi-factor authentication important?

Passwords have been the mainstream form of authentication since the earliest days of computing, however, if we consider that 90% of passwords can be cracked in less than six hours and two-thirds of people still use the same password everywhere, they may not be as secure as they need to be.
The vulnerability of passwords is the main reason for requiring and using MFA. Implementing multi-factor authentication will prevent hackers from gaining access to your accounts even if your password is guessed or stolen. The extra layer of protection that MFA offers ensures your account is more secure and drastically reduces the chances of fraud, data loss or identity theft.

What are the different ways to implement multi-factor authentication?

The methods described below all involve ‘something you have’ methods of authentication. There is usually an enrolment process where the user logs onto a website or app with a username and password and follows a process to enable multi-factor authentication. Then for subsequent log ins, the process will ask for the extra layer of authentication.

Time-based One-Time Password (TOTP)

TOTP involves the generation of a one-time passcode from a shared secret key. This can be generated by a physical device that the user is given such as key fob, a USB dongle or smart card which dynamically generates a token for the user. The code is valid for only a short time, sometimes as low as 30 seconds and is single use.
Alternatively, a user can download and install an application that runs on their computer or mobile device that dynamically generates tokens for the user. Software tokens work similarly to hardware tokens in that they are randomly generated and last a brief period of time before changing.

Short Message Service (SMS)

Perhaps the most common method of implementing MFA. This method sends the user a unique token via SMS text message, normally a 5-10 digit code. The user then needs to provide this unique token before they are granted access.

Push notifications

Typically, push notifications work with applications. A push notification is sent to the app on your mobile device. This notification is a login request and includes information such as the application name, the Operating System and internet browser you are using as well as the location and the date of the request. The user accepts the request & automatically the user becomes logged in.
MFA codes can also be received via email and phone call. Regardless of the nature of the extra layer, it serves as a vital barrier to your account.

Biometric authentication

Biometrics or ‘something you are’ authentication is considered the most secure and hardest to compromise form of MFA. It’s also more convenient, as users are the token, so the login process is quick and easy and they are not required to have their mobile device on them at all times. Physical identifiers can be fingerprints, facial features, iris or retina patterns or voice. Behavioural identifiers can be hand-writing analysis or typing patterns.
Biometric authentication, however, presents a number of issues related to storage of biometric data and privacy concerns. If your fingerprint or other biometric data is compromised, how do you change or reset it?

Can MFA be breached?

While multi-factor authentication does improve security, no security system is 100% safe.
The longer a ‘new’ security measure has been in place, the better the hackers get at breaking it. Using MFA offers another layer of security and will definitely make an attack harder. This will discourage a large percentage of cyber criminals and give you a lot more security than just using a password. We should all strive to use MFA wherever and whenever possible.

How to enable multi-factor authentication.

Most of your common accounts such as Google, Microsoft, Yahoo, Facebook, LinkedIn, Twitter and Instagram have MFA available for your log in. Simply enable it. Go to the security page in settings, click multi-factor authentication and then the get started button to sign in to your account and turn on MFA.
https://www.ncsc.gov.uk/cyberaware/home#section_4 on the National Cyber Security Centre website has some great advice on how to switch MFA on for your main accounts.

Backup option

If you are currently receiving MFA codes via SMS, it is recommended that you set up at least one backup option in case you can’t access your phone. You can print out a handful of backup codes that you’ll then store in a safe place. You can also use Google Authenticator app as a backup option or USB security key.