Multi-Factor Authentication - What It Is & Why It Matters

Five Nines Team : Jan 22, 2020 8:00:00 AM

2 min read

IT Services Cybersecurity Multi-Factor Authentication IT Tips & Tricks

Multi-Factor Authentication - What It Is & Why It Matters

TL;DR

Even strong passwords can be stolen, so they cannot be your only line of defense.
Multi-factor authentication (MFA) adds a second verification step (like a code on your phone) to prove it is really you logging in.
Enforcing MFA across business applications dramatically lowers the risk of account takeovers, especially with more people working remotely.

We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. But while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.

This is where multi-factor authentication can serve as another security control. Multi-Factor Authentication (MFA) is an added security factor that verifies a user’s identity by requiring multiple steps to authenticate login credentials. Instead of just asking for a username and password, MFA requires that a user provides an additional step of authentication from these three categories:

Something you are (fingerprint, facial recognition)
Something you have (security card, mobile phone, iPad)
Something you know (your password, passphrase, PIN)

MFA is typically set up to include the “something you know” (i.e. your username and password) with “something you have” (e.g. a one-time passcode from a device you own, such as your mobile phone).

In recent years, multi-factor authentication has become more common for personal use, and many online applications (Apple, Facebook, Instagram, Twitter, Google, and LinkedIn) have adopted MFA processes. As businesses face the need to lock down additional programs and applications to protect their data, it’s important to consider enforcing multi-factor authentication as part of an IT security plan.

Why deploy & enforce MFA:

Layered Security Protections. While anti-virus, firewalls, and password management strategies are a component of your overall IT strategy, you still want to make it as difficult as possible for attackers to log into your systems if they happen to steal or crack credentials. They can not only access data, but can hijack systems, alter programs, or introduce malicious code. If someone had easy access to all your company’s key data, imagine how they could use it to hurt your business and your bottom line.
Password theft will continue to accelerate. Cybercriminals are constantly innovating new techniques to steal the keys to your company’s gate. Adding MFA requires that all user identities are verified before they can log into corporate applications.
Remote work and remote systems access are here to stay. More users are working remotely, still needing access to their company files and systems. Adding MFA creates a second layer of security to ensure that whoever is accessing remote resources is exactly who they claim to be.

With the increase of cyberattacks on businesses using stolen credentials and phishing tactics, password strength alone cannot be relied on as the only layer of protection. Multi-factor authentication is a proven way to stop 99.9% of automated attacks that would otherwise succeed by using a compromised or easily guessed password.

Frequently asked questions

What is multi-factor authentication in simple terms?

Multi-factor authentication is a security step that requires more than just a username and password to log in. You confirm your identity using a combination of something you know (password or PIN), something you have (a phone, token, or card), or something you are (fingerprint or face scan).

Why isn’t a strong password enough anymore?

Even complex passwords can be stolen through phishing, keyloggers, or intercepted emails. Once an attacker has your password, they can log in as you — unless a second factor (like a one-time code on your phone) blocks them.

How does MFA typically work for employees?

Most business MFA setups pair your normal login (username and password) with a second step on a device you own, like a one-time code via an authentication app, text, push notification, or hardware token. You enter or approve that code to finish signing in.

Why is MFA especially important now?

Remote work and cloud apps mean users are logging in from many locations and devices, often outside the office network. MFA adds a strong extra check that the person accessing company systems is really the authorized user, not someone with stolen credentials.

What benefits does MFA bring to a business security plan?

MFA adds a powerful extra barrier against account compromise, protects sensitive data and systems even if passwords are leaked, and helps stop the vast majority of automated attacks that rely on guessed or stolen passwords. It strengthens your overall security posture without requiring major changes to how people work.