Encyclopedia

Multi-factor authentication

Entersekt | Resources | Encyclopedia | Multi-factor authentication
What is multi-factor authentication?

Multi-factor authentication (MFA) is a form of authentication that requires users to provide two or more independent authentication factors, such as a password and biometrics, to verify their identity. MFA includes the knowledge factor (something you know), like a PIN; the possession factor (something you have), like a mobile device; and the inherence factor (something you are), like a fingerprint scan. In other words, MFA components must cover different categories or factors.
Multi-factor authentication vs single-factor and two-factor authentication

Single-factor authentication means using only one factor to authenticate customers, such as the knowledge factor. A username and password login is a common example. Two-factor authentication (2FA) means using two different factors, such as the knowledge and inherence factor. An example of this is a password login and an OTP. Single and two-factor authentication are easy for fraudsters to crack, especially if the second factor is a one-time PIN (OTP). These solutions offer little protection for banking customers, and expose them to the risk of major fraud losses.

Multifactor authentication combines more than two factors. The most advanced of these can call on many different combinations of active and silent factors depending on the context of the authentication. In today’s digital-first society, implementing MFA is a vital security standard for differentiating real users from hackers.

What are the main benefits of multi-factor authentication for banks?

The benefit of MFA for financial institutions is that it creates a layered approach to the security of digital transactions by verifying the identity of customers and blocking suspicious users or activity. As a result, MFA blocks fraudsters as there are two or more barriers they need to get through before they can access an account or network. MFA also creates better trust with users as it offers better protection against digital banking fraud.

More modern MFA solutions include risk-based authentication and passwordless authentication. Risk-based authentication (also known as adaptive multi-factor authentication) assesses the risk of each transaction in real-time to determine the best authentication tool that’s needed. Passwordless authentication, like biometrics or passkeys, is becoming a more popular component in MFA as it simplifies the authentication experience for consumers and offers better security than passwords.

Example:

A consumer wants to make a large payment to an account they’ve never paid money to before. Thanks to risk-based authentication, their banking app flags the transaction as unusual, checks the device location of their mobile phone, and asks for biometric authentication to verify it’s the actual customer making the transaction.

Further reading:


Keywords:

Multi-factor authentication (MFA) | Risk-based authentication | Passwordless authentication
2023-01-03 16:15 M