Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

What is MFA?

What is MFA?

With cyberattacks becoming more sophisticated, traditional authentication methods, such as usernames and passwords, are no longer sufficient to protect against unauthorized access. 

This is where multi-factor authentication (MFA) comes into play. MFA is an authentication method that requires users to provide two or more verification factors to access a resource, such as an application, online account, or a VPN. By adding an extra layer of security, MFA significantly reduces the risk of successful cyber attacks.


Why is MFA important?

The primary benefit of MFA is that it enhances an organization's security by requiring users to identify themselves with more than just a username and password. While usernames and passwords are vulnerable to brute force attacks and can be easily stolen, MFA factors provide additional protection. 

Organizations can increase their confidence in staying safe from cyber criminals by enforcing factors like thumbprints, physical hardware keys, or one-time passwords (OTPs).

Read more: Enhancing HIPAA compliance with multi-factor authentication 


How does MFA work?

MFA works by requiring additional verification factors during the authentication process. One of the most common MFA factors is using one-time passwords (OTPs), typically 4-8 digit codes generated periodically or each time an authentication request is submitted. These codes are generated based on a unique seed value assigned to the user during registration and other factors such as a counter or a time value.


Types of MFA authentication methods

MFA authentication methods are typically based on one of three types of additional information:


Something you know 

This type of MFA factor involves knowledge-based information, such as a password or a PIN. Users must provide this information and their username during the authentication process.


Something you have 

Possession-based MFA factors include physical items or digital tokens that users must possess to authenticate themselves. Possession factors include access badges, USB devices, smart cards or fobs, security keys, and software tokens or certificates.


Something you are 

Inherence-based MFA factors involve biometric information, such as fingerprints, facial recognition, voice, retina or iris scanning, or other unique physical or behavioral characteristics. These factors provide a high level of security as they are difficult to replicate or fake.


Examples of MFA 

MFA combines multiple elements from the three main authentication methods to ensure a secure authentication process:


Knowledge factors

  • Answers to personal security questions
  • Passwords
  • One-time passwords (OTPs) received via email, SMS, or mobile apps

Possession factors

  • Access badges
  • USB devices
  • Smart cards or fobs
  • Security keys
  • Software tokens and certificates

Inherence factors

  • Fingerprints
  • Facial recognition
  • Voice recognition
  • Retina or iris scanning
  • Other biometrics
  • Behavioral analysis

MFA methods constantly evolve, and new authentication factors are introduced as technology advances. Some MFA solutions also incorporate machine learning and artificial intelligence (AI) to analyze additional factors and provide adaptive or risk-based authentication.

Related: What’s the difference between 2FA and MFA? 


Location-based MFA

One of the newer subsets of MFA is location-based authentication. This method examines a user's IP address and, if available, their geographical location to determine if it matches the specified whitelist. Access may be blocked if the location information does not match, or additional authentication factors may be required to confirm the user's identity.


Adaptive authentication 

Another subset of MFA is adaptive authentication, also known as risk-based authentication. This approach analyzes additional factors, such as context and behavior, during the authentication process. 

A risk level is calculated by considering factors like the user's location, time of access, type of device used, and network connection. Based on this risk level, users may be prompted for additional authentication factors or even denied access altogether. Adaptive authentication adds an extra layer of security by dynamically adjusting the authentication process based on the perceived risk.

See also: HIPAA Compliant Email: The Definitive Guide   

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.