Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.
Using any combination of the examples above is technically MFA, although most implementations leverage two factors, which is why MFA is also known as two-factor authentication (2FA). By leveraging multiple credentials instead of one, the authentication process will remain secure even if one of the authentication factors is compromised.
What are Authentication Factors?
Authentication factors refer to the different methods in which a user can authenticate their identity. Authentication factors in IT are generally expressed in the following categories:
- Knowledge: Something that the user knows, such as their core username and password.
- Possession: Something that the user has, such as a smartphone or hardware token.
- Inherence: Something that is inherent to the physical user, such as a fingerprint or retina.
- Location: Denoted by the physical location of the user.
- Time: A time-based window of opportunity for the user to authenticate.
Of course, some of these categories are more convenient than others, which is why IT admins often opt for time-based one-time password (TOTP) generators like the Google Authenticator™ app. Fortunately, any one of them can enhance your IT security posture.
How Does MFA Work?
It is important to clarify that there are two types of MFA:
- Device MFA: An authentication process that implements MFA directly at the point of login to a system.
- Application MFA: An authentication process that implements MFA upon attempting to gain access to one or more applications.
MFA works in roughly the same manner for both types. As the user attempts to gain access to a particular resource, they are challenged to input multiple authentication factors, rather than just one.
The user credentials are then verified by a core identity provider (IdP) or directory services platform. Once authenticated, the user gains access to the requested resource.
How Secure (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/what-is-multi-factor-authentication-mfa/