Compromised user credentials put your organization at risk for data breaches, as threat actors can easily obtain them. The current IT environment requires robust security methods, and passwords no longer provide adequate protection.
Multi-factor authentication, or MFA, is a best practice for an additional security layer to your user authentication. A high-assurance method, MFA helps secure access in the event of compromised user credentials. It creates an additional barrier that hackers would have to overcome when attempting to gain access to your IT environment.
What is MFA? In short, it’s an access management tool that combines two or more security mechanisms for accessing IT resources, including applications and devices.
Let’s take a closer look at what is MFA and how it benefits your organization.
How Does it Work?
MFA provides enhanced assurance that the right employee or customer is accessing confidential or personal information. You can use MFA for access to devices, applications, websites and so on.
Multi-factor works similarly to two-factor authentication (2FA). Typically, 2FA involves a password and requires a secondary mechanism such as an authenticator app on a mobile device, a fingerprint scan or a security token.
The main difference between 2FA and MFA is that MFA may include more than one secondary mechanism that verifies the user’s identity for assured security.
Types of Authentication
Authentication components, or factors, often fall into one of three categories:
Knowledge: “Something you know,” or memorized secrets the user shares with the application or account requesting login credentials. Example factors include passwords, passphrases and pins.
Inheritance: “Something you are,” which usually involves biometrics. Example factors include fingerprints, voice or facial ID and iris patterns.
Possession: “Something you have,” which could be either physical (hardware) or logical. Example factors include a mobile device (physical) and a software token (logical).
Other authentication factors are geolocation, action (e.g., making a gesture or choosing a series of images) and time windows.
Most commonly, MFA uses a memorized secret as one of the two or more authentication layers. However, the industry is moving toward a passwordless authentication future, which would eliminate the knowledge-based factors due to their vulnerability.
Benefits of MFA
Compromised and weak credentials are the main cause of security incidents that involve hacking. Poor password practices and password hygiene put organizations at tremendous risk for data breaches. MFA is a preventative measure that not only enhances security but also improves regulatory compliance.
Additionally, when you integrate MFA into your identity access management (IAM) platform, you create a seamless, secure, identity-aware infrastructure while providing better controls for your identity governance.
Examples of MFA
You can apply MFA both to your customer and your employee access. For example:
- A user trying to log into an account receives a link via email and enters login credentials after clicking on that link. This method is more likely in a customer access scenario.
- After entering login credentials, a user receives a push notification on a mobile device authenticator app and must either confirm the access attempt or enter the displayed code (depending on the authenticator).
- When a user requests login, a time-based, one-time password (known as TOTP) is sent via email, text message or phone call. This method is common for financial institutions.
Multi-factor authentication is now a critical security protocol. Many customers expect this additional protection layer to be available for their accounts. If you’re thinking of adopting MFA for your organization, consider not only security but also criteria, such as convenience. MFA should not negatively impact your customers’ experience or your employees’ productivity—see how SailPoint integrates with the right authentication providers.
You might also be interested in:
Take control of your cloud platform.
Learn more about SailPoint’s integrations with authentication providers.