Have you ever heard the terms multi-factor authentication or two-factor authentication? You have likely been prompted by your phone or cloud-based service to turn on two-factor authentication. Let’s look at what this multi-factor thing is all about.
There are basically three factors or types of authentication: something you have or possess, something you know, and something you are. Location is now being integrated as a fourth factor in authentication but is self-explanatory, so we won’t be covering it here. Let’s break down what each one means, why it is important and how they can work together to provide better security.
Something you have: This is probably the simplest and easiest to use. It includes items like your house key, a document, or a card like your driver’s license or work badge. If you use a proximity card to unlock an office door or open a security gate, this is also considered something you have. If one of these items happens to be compromised, it is relatively easy to replace.
Something you know: The most common one here is a password, although it could include a passphrase, an answer to a security question or a PIN code like you might use for a debit card. This has probably become the least secure method of authentication, but it is easy to replace: a new password, passphrase or PIN can be generated.
Something you are: This is where things get interesting. Most of us are familiar with the term “biometrics,” usually associated with the fingerprint readers, iris scanners and facial recognition we use on our phones. This factor is unique to you based on your genetic makeup. Interestingly, it can also include behavioral attributes that are unique to you. The specific way you type on a keyboard, the way you walk, your facial gestures and even your voice can all be used to identify you.
Typically, biometrics are hard to steal, fake or imitate, unlike passwords. They are part of who we are, which makes them easy and convenient to use. On the other hand, if your fingerprint is compromised, it’s difficult to replace.
Multi-factor authentication is any time we utilize more than one of these factors. I do want to clarify a common misconception. A username AND password are NOT two-factor authentication. Your username simply identifies WHO is trying to authenticate.
For instance, if I am required to use my fingerprint, then provide a password along with a one-time security PIN that was texted to my phone, that would be considered three-factor authentication: something I am (fingerprint), something I know (password) and something I have (one-time PIN from text message).
In today’s world, any one factor is susceptible to compromise. By combining more than one factor, it is easy to understand why this is becoming the preferred method of truly secure authentication. The next time you are asked if you would like to turn on multi-factor authentication, take the few extra steps to set things up in order to keep your identity and data more secure.