Authentication methods that rely on more than one factor are more difficult to compromise than single factor methods. Consequently, properly designed and implemented multi-factor authentication methods are more reliable and more effective fraud deterrents than the now obsolete single-factor username and password authentication.

Multifactor authentication

What is multifactor authentication?

Multifactor authentication provides a layered security building block by requiring users to prove their identities using two or more verification methods before they can authenticate. In this way, if one factor is compromised, the attacker still has at least one more barrier to break through before reaching the target.

Why do I need multifactor authentication?

Authentication methods that rely on more than one factor are more difficult to compromise than single factor methods. Consequently, properly designed and implemented multi-factor authentication methods are more reliable and a stronger deterrent than outdated single-factor username/password authentication.

Multifactor authentication requires users to prove their identities using two or more verification methods before they can authenticate. This way, if a factor is compromised, the attacker still has at least one more barrier to break through before entering the target.

How does multifactor authentication work?

Multifactor authentication is the process by which multiple technologies are used to prove user authenticity. In contrast, single-factor authentication (or simply “authentication”) uses a single technology to prove user authenticity. With multi-factor authentication, users must combine verification technologies from at least three different groups. These groups are:

  • Something you know. This is usually a password, PIN, passphrase or questions and corresponding answers. To satisfy this technology, the user must enter information that the backend can compare with that previously configured or stored.
  • Something you have. Before the advent of smartphones, users carried tokens or smart cards. These devices generated a single-use code that the user could then enter into the backend system. Today, most users rely on their smartphone as the device that generates these codes or that responds to the server with a single-use code behind the scenes.
  • Something you are. This can be used to identify a unique user with fingerprints, retina scans, facial recognition, voice recognition or their behavior (such as how hard or fast a finger is used to type or swipe on a screen).

To achieve multi-factor authentication, at least two different technologies from at least two different technology groups must be used. As a result, the use of a PIN in conjunction with a password would not be considered multifactor authentication, whereas the use of a PIN with facial recognition would be. It is also acceptable to use more than two forms of authentication. However, most users increasingly want frictionless authentication (the ability to be verified without having to take an explicit verification step).

Where can I use MFA (Multi-Factor Authentication)?

Multifactor authentication should be used when accessing sensitive data, such as:

  • When you access your bank account at an ATM, you use multi-factor authentication by having something you know (the PIN) and something you have (the ATM card).
  • When you visit your Facebook account from a new location or device, you use multi-factor authentication by having something you know (the password) and something you have (your cell phone, which receives the notification it must approve before allowing you to log in).
  • When you use your cell phone, you use multi-factor authentication by having something you have (the phone) and something you are (your fingerprint or facial scan, or another biometric technology available on the device).

Good multi-factor authentication keeps you secure while letting you access a service provider’s features and functions seamlessly.

What are the types of multifactor technologies?

  • Hardware tokens: small, easy-to-use hardware devices that an owner carries with them to authorize access to a network service. Supporting strong authentication with one-time passwords (OTP), these hardware tokens provide the possession factor for multi-factor authentication, while offering enhanced security for banks and application providers that need to protect multiple applications with a single device.
  • Soft tokens: software or “application-based tokens” generate a single-use login PIN. Often, these tokens are used for multi-factor authentication where the device, in this case a smartphone, provides the possession factor.
  • Mobile authentication: Mobile authentication is the process of verifying a user through their phone or verifying the device itself, allowing users to log in to secure locations and resources from anywhere with enhanced security.
  • Biometric authentication: this includes leveraging fingerprint scanning or facial recognition to authenticate users accurately and securely, even on mobile devices; as well as behavioral authentication that provides an invisible layer of security that continuously authenticates end users by the unique ways they interact with their computer or mobile device, via keystroke, swipe pattern, mouse movement and more.
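The sketch below ties together the factor-group rule from "How does multifactor authentication work?" and the single-use codes that hardware and soft tokens generate. It is an example added here, not OneSpan code: the method names, the `TokenVerifier` class and the `login` function are illustrative assumptions, and the one-time code uses the public HOTP algorithm (RFC 4226) with that RFC's test secret.

```python
import hashlib
import hmac
import struct

# Assumed mapping of methods to the page's three factor groups (names are illustrative).
FACTOR_GROUP = {"password": "know", "pin": "know", "otp_token": "have",
                "smart_card": "have", "fingerprint": "are", "face": "are"}

def is_multifactor(methods):
    """True when the verified methods span at least two different factor groups."""
    return len({FACTOR_GROUP[m] for m in methods}) >= 2

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Backend side of a token: each code is accepted once, within a look-ahead window."""
    def __init__(self, secret: bytes, window: int = 3):
        self.secret, self.window, self.counter = secret, window, 0

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            expected = hotp(self.secret, c).encode()
            if hmac.compare_digest(expected, submitted.encode()):
                self.counter = c + 1  # burn this counter and every earlier one
                return True
        return False

def login(verifier: TokenVerifier, password_ok: bool, otp: str) -> bool:
    """Grant access only when the verified methods cover two factor groups."""
    verified = []
    if password_ok:
        verified.append("password")
    if verifier.verify(otp):
        verified.append("otp_token")
    return is_multifactor(verified)

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    v = TokenVerifier(secret)
    print(login(v, True, hotp(secret, 0)))   # password + fresh code
    print(login(v, True, hotp(secret, 0)))   # same code replayed
    print(is_multifactor(["pin", "password"]), is_multifactor(["pin", "face"]))
```

The verifier advances its counter on every accepted code, so a captured code cannot be replayed, and the constant-time comparison avoids leaking how many digits matched.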

How do I get started with multifactor authentication?

The multi-factor authentication solutions of OneSpan Sign have been designed from the ground up to safeguard accounts and transactions by offering two- or three-factor security, while meeting user demand for a simple registration process. OneSpan has invested considerable time and resources to create easy-to-use, scalable and reliable solutions that offer strong authentication through a range of easy verification options, such as color QR codes and Bluetooth.

Content extracted from OneSpan.