Multi-Factor Authentication (MFA)
What is Multi-Factor Authentication?
Multi-factor authentication (or multiple factor authentication) is a characteristic requirement of an authentication service that requires more than one authentication factor for successful authentication. It requires at least but not limited to two factors of:
- Something you know (like a password)
- Something you have (like a token, YubiKey, or mobile phone)
- Something you are (like your fingerprint)
Within the context of IT, human user authentication is synonymous with login. However, two-factor authentication (2FA), multi-factor authentication (MFA), and adaptive multi-factor authentication (AMFA) can be applied to both login as well as step-up authentication which occurs after login; for example, during privilege elevation or checking out a vaulted credential.
2FA requires two of these factors for the user to prove who they are. MFA requires any number of factors greater than one. For example, two factors, or all three.
AMFA extends MFA by taking user and behavioral context into account, leveraging machine learning and a behavioral analytics engine. Over time, the AI and analytics engine learns a user’s typical behavior and uses this as a baseline to compare current activities. This results in a risk score that can be used in an access control policy to grant or deny access. One example might be a policy that simply allows access if the risk score is low, prompts for MFA if it’s medium, and rejects access and notifies IT security if high.
Why should your organization use MFA everywhere?
More MFA Resources:
Best Practices for Multi-factor Authentication
What is Adaptive Multi-factor Authentication?
Why Organizations need Adaptive Multi-factor Authentication
Single-factor Authentication (SFA) vs. Multi-factor Authentication (MFA)
Two-Factor vs. Multi-Factor Authentication
Best Practices for Verifying Privileged Users with MFA Everywhere
MFA at Server Login on a Linux Machine
MFA Everywhere: Vault login to Server Login