
Multi-Factor Authentication (MFA)

Identity & Access

Definition

Layered verification combining passwords, tokens, or biometrics.

Technical Details

Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a resource, such as an application or a network. The factors typically fall into three categories: something you know (like a password), something you have (like a mobile device or security token), and something you are (like a fingerprint or facial recognition). This layered approach significantly enhances security: even if one factor is compromised, an attacker still cannot gain access without also providing the additional factors.

Practical Usage

MFA is widely used across various platforms to secure user accounts, especially for sensitive applications such as online banking, email services, and corporate networks. Implementation can vary from one-time passwords (OTPs) sent via SMS or email, to authenticator apps that generate time-based codes, to biometric scans. Organizations often enforce MFA as part of their security policy to comply with regulatory requirements and to mitigate risks associated with password theft.

Examples

Related Terms

Two-Factor Authentication (2FA), Single Sign-On (SSO), Identity and Access Management (IAM), Biometric Authentication, Public Key Infrastructure (PKI)