2FA or MFA - That is the Question:
We cover two of the most common methods to enhance the security of password protected resources.
Keeping your company cyber safe and training your people to follow suit is a bit unnerving for a small to mid-sized business. The good news is that there are ways to simplify portions of cyber security that will make a world of difference for your IT folks.
Asking your employees to make long, complicated passwords that “cannot be guessed” is no longer the best way to safeguard your data.
In today’s digital business world, a strong defense against potential cyber threats and cybercrime is two-factor authentication or multi-factor authentication.
Two-Factor Authentication
You’ve certainly seen it on the applications and social media accounts that we all use. Twitter, Facebook and Gmail have begun using two-factor authentication, otherwise known as 2FA. It is also referred to as a “two-step verification” process.
Think of it like when you call your credit card company and are asked for pieces of information that only you would know, providing evidence that you are, in fact, YOU.
Two-factor authentication requires two forms of identity verification before access to an application is granted. Only when both factors are verified does the end user get access. For example, you may be sent an SMS code that is valid for a short time and must be entered correctly in order to gain access to an application.
2FA is an added layer of protection for your data and is certainly more secure than just one single factor, such as a complex, long password with numerous unique characters that, despite the user’s best efforts, can easily be stolen or hacked.
With two-factor authentication, a cyber attacker or imposter would need not only your password but also your second factor to gain access to an application on your behalf.
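The flow described above, as an added example that is not part of the original article: a password check followed by a short-lived, single-use six-digit code. The TwoFactorLogin class, the 300-second validity window and the three-attempt limit are assumptions made for illustration, and delivering the code (for example by SMS) is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for the one-time code
MAX_ATTEMPTS = 3        # assumed limit on guesses per issued code


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class TwoFactorLogin:
    """Hypothetical in-memory service: password first, then a one-time code."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}    # user -> (salt, password hash)
        self._pending = {}  # user -> [code hash, expiry time, attempts left]

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _pw_hash(password, salt))

    def start(self, user: str, password: str):
        """Factor 1 (knowledge). Returns the code to send out of band, or None."""
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def finish(self, user: str, submitted: str) -> bool:
        """Factor 2 (possession). Grants access only if the code matches in time."""
        entry = self._pending.get(user)
        if entry is None:
            return False  # no password step completed, so no code to check
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or guessed out: start over
            return False
        entry[2] -= 1
        if hmac.compare_digest(digest, hashlib.sha256(submitted.encode()).digest()):
            del self._pending[user]  # single use: a replayed code fails
            return True
        return False
```

Access is granted only when start() and then finish() both succeed, so a stolen password alone, or a code that is expired, reused or guessed after the attempt limit, is rejected.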
Multi-Factor Authentication
Multi-factor authentication, or MFA, combines what you are, what you know, and what you have. When multi-factor authentication is enabled, the administrator defines a second factor in addition to a password that a user must validate in order to gain access. Multi-factor grants access to your company’s applications through multiple data points.
While MFA seems great, there are organizations that are not adopting this security measure so as not to disrupt or irritate their end users or customers. However, this should not be the case. The key is to keep a flexible policy alongside your MFA so that users are not compromised or annoyed while gaining access to your application.
2FA or MFA: Which is Better?
As always, whether 2FA or MFA is better for your company’s security does not have a one-size-fits-all answer. To analyze this for your company, keep in mind that there are three possible ways that a user can prove their identity: knowledge, possession, and inherence.
- Knowledge is what he or she knows, such as a password or the answers to security questions.
- Possession is what the person has on them, such as a mobile device, a one-time password or even a YubiKey.
- Inherence, on the other hand, is based on a unique characteristic that the user has. This can be something such as voice recognition, a retina scan, or a fingerprint.
Two-factor authentication is just that: it relies on two factors as described above. Multi-factor can be two of the above factors or it can possibly involve all three, even inherence. If you think about it, mobile phones often use a fingerprint for access, and are increasingly moving towards MFA for financial applications.
Whichever authentication you choose for your company’s application, 2FA or MFA, it is better than asking users for one long, complex password, which can be easily forgotten and, year by year, more easily cracked.
Simply adding one more factor can be your best defense against cyber attackers and cyber criminals.