You will see me talking about 2FA and MFA in quite a few posts, often using the terms almost interchangeably – so what do they mean?
2FA stands for two-factor authentication and MFA stands for multi-factor authentication. 2FA really is just a subset of MFA.
MFA is an authentication method in which a user must verify their identity by providing multiple pieces of evidence before gaining access to a device or application. Typically this means using at least two of the following factors:
- Knowledge – something only you know, e.g. a password or challenge questions
- Possession – something you have, e.g. a YubiKey or a one-time password
- Inherence – something you are, e.g. a fingerprint or retina scan
So you can see how 2FA is just a subset of MFA, as you only need two factors to authenticate successfully. For instance, an ATM requires you to insert your card (something you have) and enter your PIN (something you know).
Now if you add something like a USB security key (we love YubiKeys!!!) that you have to plug into your system, you need three factors to authenticate, which is one example of MFA. A better example of MFA is a program or app that requires an external device, like your phone, which in turn requires your fingerprint (inherence) to unlock. You can then approve the authentication request in an app on your phone or enter a one-time password generated by the phone app. If this seems a little confusing, or if you are just intrigued, we will be posting more about our Duo Security and Passly offerings, which you can use to implement MFA in a secure way.