Capable cybersecurity vendors and consultants often talk about multi-factor authentication (MFA) as a modern best practice. The reason has to do with how human users access systems.
There’s been a lot of talk in the past about strong passwords – and even biometrics. The goal is to try to enhance how individual users get access to a system, so that administrators can make sure that it’s the right people who are on their network, and not cheaters or impostors.
Essentially, passwords are not a failsafe solution. Passwords can always be traded back and forth, left on display for hackers, stolen or spied on by roving eyes. In the cybersecurity age, companies are realizing that there is a limit to what a single password login can do, even if it is an exceedingly strong password with many different special characters and permutations.
Multi-factor user authentication solves this problem to a large extent by using two separate and distinct channels. If a multi-factor authentication resource combines a computer password and an access key on a smartphone, the chances that a hacker will have access to both the computer password and the phone are comparatively small.
It’s the simplicity of this approach, combined with the reality that so many users have more than one device, that drives companies toward the idea of two-factor authentication. It’s a very feasible solution to a real problem, and that’s why so many vendor platforms include this kind of functionality for businesses in many fields including medicine, banking, legal and defense contracting.
However, beyond the idea of requiring two separate authentication channels, there are other compelling reasons to build multi-factor authentication into a system. Another one is the “notification principle” – when a multi-factor authentication system pings someone on their phone, it can be a notice to the user that the other channel has experienced activity. This can clue users in to all sorts of scenarios where a hacker may be trying to gain access.
In addition, a similar principle is that the second channel provides an alternate contact. If one channel is compromised, the authentic user can communicate on the other, separate channel. Multi-factor authentication builds this into a system from the beginning.
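Added example, not part of the original article: Python code for the two-channel login and the notification principle described above. The class and method names, the in-memory "phone" inbox standing in for real message delivery, and the 120-second code lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120  # seconds a one-time code stays valid (assumed value)

class TwoChannelLogin:
    """Password on the computer plus a one-time code sent to the phone."""
    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> (code, expiry time)
        self.phone = {}    # username -> messages delivered (stand-in for a real phone)

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))
        self.phone[user] = []

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def start(self, user, password, now=None):
        """Channel 1: check the password, then challenge through the phone."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, now + CODE_TTL)
        # Delivering the code also tells the owner that a login was attempted.
        self.phone[user].append(f"Login attempt. Your code is {code}")
        return True

    def finish(self, user, code, now=None):
        """Channel 2: the code is single-use (a wrong guess burns it) and expires."""
        now = time.time() if now is None else now
        expected, expiry = self.pending.pop(user, ("", 0))
        return now <= expiry and hmac.compare_digest(code.encode(), expected.encode())

if __name__ == "__main__":
    svc = TwoChannelLogin()
    svc.enroll("alice", "correct horse battery")      # constructed sample account
    svc.start("alice", "correct horse battery")       # someone holding only the password
    print(svc.finish("alice", "abcdef"))              # False: no access to the phone
    print(svc.phone["alice"])                         # the owner still sees the attempt
```

A correct password alone never completes the login, and every password success leaves a message on the owner's phone whether or not the owner started it.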
While multi-factor authentication offers all of these security benefits, there are also other reasons that companies integrate this functionality. In general, having MFA makes a firm look like a thought leader, but it also provides an opportunity to “brand” on that other channel. Psychologically, users who interact with a brand on both a computer and a cell phone tend to be more engaged with that brand.
All of this makes multi-factor authentication an important aspect of making sure that systems are well protected.