Multi-Factor Authentication (MFA) is a security control that requires users to provide multiple means of authentication before being granted access to a specific device, site or network.
Each authentication “factor” in MFA falls into one of three categories: “something I know” (e.g., username/password), “something I have” (e.g., phone) and “something I am” (e.g., fingerprint). The strength of MFA comes from combining factors from these categories.
Example: As a user, you log in to a site or network with your username and password (something you know). Before being granted access you are prompted to enter an authentication code which was automatically sent to your phone (something you have). Therefore, if someone has obtained your username and password, he or she will not be able to log in without the code that was sent to the “something you have.” Nice, right?
MFA is best practice at its best. It is available in thousands of software-as-a-service applications, such as Dropbox, Salesforce and Azure Active Directory Premium, and is included in some you may already have, such as Office 365; it just needs to be set up.
In addition, it’s customisable. Here are a few examples: you can require MFA only when logging in from outside your company’s network; require MFA only for certain employees, such as administrators, since they have greater access to sensitive information; give employees a choice of how to receive a second authentication factor (like a text message or call); or require a specific second authentication factor.
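The login example and the policy options above can be combined in one server-side check. The sketch below is an added example, not code from any of the products named here: it decides when a second factor is required (administrators always, other users only from outside the company network) and verifies a one-time code that expires, works once and is discarded after repeated wrong guesses. The network range, the lifetime, the attempt limit and every function name are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, secrets, time

# Assumed values for illustration (not from the article).
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")
CODE_TTL = 300       # seconds a code stays valid
MAX_ATTEMPTS = 3     # wrong guesses allowed before the code is discarded

def mfa_required(role, source_ip):
    """Admins always need a second factor; others only off the company network."""
    if role == "admin":
        return True
    return ipaddress.ip_address(source_ip) not in CORPORATE_NET

class CodeStore:
    """One pending code per user; keeps a hash so the code is not stored as sent."""
    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._clock() + CODE_TTL, 0]
        return code   # handed to the text-message or call channel, never logged

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires, attempts = entry
        if self._clock() > expires or attempts >= MAX_ATTEMPTS:
            del self._pending[user]        # expired or guessed too often
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, candidate):   # constant-time compare
            del self._pending[user]        # single use: a replay fails
            return True
        entry[2] += 1
        return False

def grant_access(store, user, role, source_ip, password_ok, code=None):
    """Password first ('something you know'), then the code when policy asks."""
    if not password_ok:
        return False
    if not mfa_required(role, source_ip):
        return True
    return code is not None and store.verify(user, code)
```

The expiry, single-use and attempt-limit checks matter because a six-digit code has only a million possible values.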
Your security is only as strong as its weakest link, and passcodes are very easy to steal, whether through phishing, hacking or being left on a sticky note because you have too many to remember. MFA removes those “what ifs,” which is why we say, “why not?”