Does multi-factor authentication (MFA) really work?
In short, yes, it does, and it is becoming much more common as a result.
In the past, users relied on “single-factor” authentication methods, such as passwords, to verify their identity. But over time, cybercriminals became more sophisticated, finding ways to get around passwords and access user data. Examples include the creation of password databases and the development of keystroke-logging software.
As the digital ecosystem developed, the need for a more sophisticated approach to account protection emerged. Users required more than just a simple password standing between the hackers and their accounts.
The solution is multifactor authentication. But what is it? And does it really work?
What Is Multifactor Authentication (MFA)?
Multifactor authentication is any security measure that uses two or more independent methods to verify a user’s identity.
For instance, suppose your banking app uses two-factor authentication. Logging into your account might go something like this:
- Enter your password into the app
- View a message telling you that the app has sent a unique authorisation code to your phone via SMS
- Open the code in your message inbox
- Enter the code into the app’s verification box
The first “factor” is the password the user enters. The second “factor” is the SMS code sent to their phone. Ideally, both of these factors should be independent of each other.
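The login flow above, seen from the server side, as an added example that is not part of the original article. It assumes a single user, a `send_sms` callback standing in for an SMS gateway, and policy values (`CODE_TTL`, `MAX_ATTEMPTS`) chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300        # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3      # wrong guesses allowed per code (assumed policy)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:
    """Server side of the password + SMS-code flow, for one user."""

    def __init__(self, password: str, send_sms):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = hash_password(password, self._salt)
        self._send_sms = send_sms   # callable(str); hypothetical SMS gateway hook
        self._pending = None        # (code, expires_at, attempts_left)

    def step1_password(self, password: str, now=None) -> bool:
        """Factor 1: check the password; only on success issue an SMS code."""
        now = time.time() if now is None else now
        ok = hmac.compare_digest(hash_password(password, self._salt), self._pw_hash)
        if ok:
            code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6-digit code
            self._pending = (code, now + CODE_TTL, MAX_ATTEMPTS)
            self._send_sms(code)
        return ok

    def step2_code(self, submitted: str, now=None) -> bool:
        """Factor 2: the code must match, be unexpired, and is single-use."""
        now = time.time() if now is None else now
        if self._pending is None:
            return False            # no password step completed, or code used up
        code, expires_at, attempts = self._pending
        if now > expires_at or attempts <= 0:
            self._pending = None    # expired or guessed too often: start over
            return False
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self._pending = None    # burn the code so it cannot be replayed
            return True
        self._pending = (code, expires_at, attempts - 1)
        return False
```

The second step only succeeds after the first, and the code is bound to a short lifetime, a single use and a small number of guesses, which is what keeps a six-digit value from being brute-forced.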
Why Use Multifactor Authentication?
Logging into your account using MFA takes longer than simply typing in a password, but it is also much more secure. That’s because even if cybercriminals have your password, they probably don’t have access to your phone as well.
There are many examples of multifactor authentication currently in use. Generally these break down into “something the user knows” (such as PINs, passwords, and answers to secret questions), “something the user has” (such as the Google Authenticator app on their phone), or “something the user is” (such as their fingerprint, palm print, retina scan, signature or DNA).
In theory, multifactor authentication can combine any number of these verification methods. So, for instance, to access an e-Wallet from your Apple phone, a vendor could ask you to enter a PIN, use the Google Authenticator app and scan your fingerprint. Using more than two methods isn’t particularly user-friendly, but it will make your account more secure.
Is It A Foolproof System?
Multifactor authentication tends to be dramatically more effective than passwords alone. Studies from both Microsoft and Google suggest that it blocks more than 99.9 percent of automated attacks.
However, despite being substantially more secure than regular passwords, multifactor authentication still isn’t foolproof. For instance, if a criminal steals your phone and knows your password, they may be able to bypass a two-factor authentication system.
There are also ways to steal your biometric data. Fingerprint spoofing (which involves lifting and copying your fingerprint) circumvents biometric fingerprint systems – and it is relatively easy to do.
Which Multifactor Authentication System Should You Use?
In general, the multifactor authentication system that you use should be the one you feel most comfortable with. Be sure that whatever system you settle on grants you continued access to your account. If it doesn’t, then you may find yourself locked out.