Multi-Factor Authentication is a security mechanism used in network connectivity or mobile device activity that requires the user to authenticate access to a system through more than one single sign-on security and validation process. Most MFA systems are built to combine physical, logical, and biometric validation techniques for a more robust level of secure access control. In fact, odds are that most Americans have daily interactions with MFA systems whether they realize it or not. For example, access to bank accounts through ATM cards is a basic form of MFA. The consumer must first swipe the physical card and then enter a PIN (logical validation). Another example would be an authenticator app on a mobile phone or desktop sites. Sticking to the banking example, a user would log in with credentials (username and password) and then the authenticator app generates a one-time code that must also be entered.
MFA consists of a variety of authentication factors. These security measures control access to sensitive data in a more robust manner by using various credentials to verify the identity of the individual user attempting to gain access to an account, device, or broader network. As mentioned above, the three most common authentication categories are physical, logical, and biometric. These can more succinctly be described as something you have (physical), something you know (logical), and something you are (biometric). Examples of each include an ATM card or hardware token, a username and password, and a fingerprint. Other authentication solution factors in MFA include:
- Location factors – this uses the current location of a user for authentication. For example, mobile phones now commonly possess GPS that enables a level of secure access through location verification.
- Time factors – the current time can also be used for verification. A simple example of this would be ATM card use. It would be impossible to use an ATM card to access a bank account in New York City and do so again in Los Angeles within 15 minutes