What is MFA?

Multi-Factor Authentication

MFA stands for “Multi-Factor Authentication”. You should enable MFA whenever possible because it provides an extra layer of security to your accounts. MFA will ask for an extra bit of information to prove that you are the legitimate owner of the account. This could be anything from a piece of biometric information or a passcode that will be sent to a cell phone number or email that is already on file.

There are three main types of MFA methods:

1. Things you know (knowledge), such as a password or PIN
   • Answers to personal security questions
   • Password
   • OTPs or one-time passwords (Can be both Knowledge and Possession – You know the OTP and you have something in your possession – like your phone- to get it).
2. Things you have (possession), such as a badge or smartphone
   • OTPs or one-time passwords generated by smartphone apps
   • OTPs sent via text or email
   • Access badges, USB devices, Smart Cards or fobs or security keys
   • Software tokens and certificates
3. Things you are (inherence), such as a biometric like fingerprints or voice recognition
   • Fingerprints, facial recognition, voice, retina or iris scanning or other Biometrics
   • Behavioral analysis

Other types of MFA methods:

1. Location-based
   • Looks at user’s IP address and simply blocks access if the IP address doesn’t match what is specified on a whitelist.
2. Adaptive Authentication or Risk-based Authentication
   • Considers context and behavior when authenticating and often uses these values to assign risk associated with the login attempt. Examples of these factors include:
     • From where is the user when trying to access information?
     • When are you trying to access company information? During your normal hours or during “off hours”?
     • What kind of device is being used? Is it the same one that has been used before?
     • Is the connection via private network or a public network?

Source: https://www.onelogin.com/learn/what-is-mfa