Multifactor authentication (MFA) is one of the best, yet often misunderstood tools that companies can use to fend off cybercriminals trying to compromise business accounts. It blocks 99.9% of account compromise attacks. It also helps thwart automated bot, phishing, and targeted attacks. To jumpstart your learning curve, here are the answers to some frequently asked questions about MFA.
What is MFA?
MFA is a layered approach to securing data and apps, according to the Cybersecurity and Infrastructure Security Agency (CISA). Users must provide two or more credentials to verify their identity when logging in to a system. That way, even if hackers have compromised one of the credentials, they won’t be able to access the system because they won’t have the remaining credential(s).
Is Two-Factor Authentication the Same Thing as Multifactor Authentication?
Two-factor authentication is a form of multifactor authentication. When users must provide two credentials to verify their identity when logging in to a system, it is referred to as two-factor authentication. When users need to provide three credentials, it is called three-factor authentication.
What Kinds of Credentials Can Be Used?
Many different types of credentials are used in MFA. They fall into three categories:
- Something you know. Examples of credentials in this category include passwords, personal identification numbers (PINs), and one-time passcodes.
- Something you have. This group contains physical devices that are used for verification, such as security keys, cryptographic tokens, and smartphones with an authenticator app.
- Something you are. Faces, fingerprints, irises, and several other parts of the human body are unique to an individual, so scans of them can be used for verification.
When designing an MFA system, you can choose to use credentials from the same category or different ones. For example, you can design a system that uses passwords and one-time passcodes or a system that uses security keys and facial recognition.
Companies commonly use two-factor authentication in which the first required credential is a password and the second one is a passcode that’s sent via a text message, email, or phone call. Push notifications from authenticator apps are also frequently used with passwords.
Can MFA Be Bypassed?
When it comes to MFA bypass attacks, it’s a “good news, bad news” situation. Let’s look at the bad news first. Virtually all of the authentication methods used in MFA are vulnerable to bypass attacks, according to Microsoft. For example, push notifications from authenticator apps and one-time passcodes sent via text message, email, or phone call are vulnerable to channel jacking and real-time phishing attacks.
Now for the good news. Attacks that target MFA are rare because MFA is costly to hack, no matter what authentication methods are being used. “Use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population,” said Microsoft. “MFA is the least you can do if you are at all serious about protecting your accounts.”
If you have any more questions about MFA or would like more information about protecting your company’s sensitive data, contact Xantrion. We can free you from the burden of cybersecurity and ensure that your entire team, from leadership on down, can work confidently and productively.