Multi-factor authentication protects your user accounts
Multi-factor authentication means that your identity is confirmed using two or more authentication methods, or factors. Enabling it stops the vast majority of account hijacking attempts, because most of them rely on nothing more than a guessed or leaked password. With multi-factor authentication, even if a criminal gets hold of your username and password, they still cannot log in to your account without the additional authentication factor. Services that store personal or payment data should always be protected with multi-factor authentication.
MULTI-FACTOR AUTHENTICATION IN A NUTSHELL
Multi-factor authentication (MFA) means that the user’s identity is confirmed using several different authentication methods. The most common form of multi-factor authentication is two-factor authentication (2FA).
How does multi-factor authentication work?
When logging in to online services, the user is authenticated. This means that the user proves to the service that they are the person they claim to be. Traditionally, this is done with a username and password. Unfortunately, a username and password alone are not a very strong authentication method. Guessing usernames is easy because they are often simply the user’s email address. Furthermore, users frequently pick easy-to-remember passwords and even re-use the same password on multiple services. “Recycling” passwords like this is not recommended, because if the password leaks from one service, criminals will try the same username and password on other services as well.
Because of these issues, many services offer the option of enabling multi-factor authentication. In most services it is an optional feature that is not enabled by default, so you have to turn it on yourself. The feature may be offered under names like “Two-Step Verification” or “Multi-factor Authentication.”
Using multi-factor authentication does not require you to remember any additional codes or passwords. Instead, the additional factor is usually a one-time code that is sent to you by SMS or email, or that you read from an authenticator application on your phone, depending on the method you choose. The code is valid only once and only for a short time, so a code that a criminal intercepts today is useless tomorrow.
Multi-factor authentication is based on three categories of factors:
- Something that you know (such as a password or a PIN)
- Something that you have (such as a mobile phone that receives a one-time code or runs an authenticator application, a security key, or Mobile ID)
- Something that you are (such as a fingerprint or another biometric feature)
Factors from at least two different categories must be combined to establish the user’s identity with sufficient certainty. Two factors from the same category, such as a password and a security question, are both things you know and do not count as multi-factor authentication.
Choosing the authentication factor
Many services allow you to choose between different authentication factors, and some also allow you to enable several methods at once, such as SMS and an authenticator application. Enabling more than one method also serves as a backup in case your phone stops working or goes missing. When you enable multi-factor authentication, many services additionally give you a list of single-use recovery codes, which you should store securely, for example in a password manager. Each recovery code stands in for the second factor exactly once, so you can still log in if you lose access to your primary authentication method. Treat the list with the same care as a password: anyone who has it has your second factor.
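As an added example of how a service can handle the recovery codes described above (this is illustrative code written for this page, not the implementation of any particular service), the snippet below generates a set of codes from the operating system’s random number generator, stores only their hashes, and deletes each hash the moment its code is redeemed so that no code can be used twice. The code format (two groups of five hex characters), the number of codes, and the use of SHA-256 are choices made here; they are reasonable because each code carries 40 bits of randomness, which makes guessing impractical even with a fast hash.

```python
import hashlib
import hmac
import secrets

CODE_BYTES = 5    # 40 random bits per code, shown as 10 hex characters
CODE_COUNT = 10   # how many codes the user is given


def generate_recovery_codes(count: int = CODE_COUNT) -> list[str]:
    """Make `count` single-use codes from the OS CSPRNG, formatted as
    'xxxxx-xxxxx' for readability. These are shown to the user once."""
    codes = []
    for _ in range(count):
        raw = secrets.token_hex(CODE_BYTES)
        codes.append(f"{raw[:5]}-{raw[5:]}")
    return codes


def _normalize(code: str) -> str:
    # Tolerate how people type codes back: ignore case, spaces and dashes.
    return "".join(ch for ch in code.lower() if ch.isalnum())


def _digest(code: str) -> str:
    # Persist a hash, never the plaintext, so a database leak does not hand
    # out working second factors.
    return hashlib.sha256(_normalize(code).encode()).hexdigest()


def store_recovery_codes(codes: list[str]) -> set[str]:
    """What the service keeps for the account: the hashes of unused codes."""
    return {_digest(c) for c in codes}


def redeem_recovery_code(stored: set[str], submitted: str) -> bool:
    """Accept a code at most once. Every stored hash is compared in constant
    time, and a match is removed before returning so it cannot be replayed."""
    candidate = _digest(submitted)
    for h in list(stored):
        if hmac.compare_digest(h, candidate):
            stored.remove(h)
            return True
    return False


if __name__ == "__main__":
    codes = generate_recovery_codes()
    print("Give these to the user once:", *codes, sep="\n  ")
    vault = store_recovery_codes(codes)
    print("First use accepted:", redeem_recovery_code(vault, codes[0]))
    print("Replay accepted:   ", redeem_recovery_code(vault, codes[0]))
    print("Codes remaining:   ", len(vault))
```

A service should also log each redemption and tell the user how many codes are left, so that a code being used without their knowledge is noticed and the remaining ones can be regenerated.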
A multi-factor authentication scheme combining at least two factors can include:
- a password
- a fingerprint
- a one-time code received via email or SMS
- an authenticator device (e.g. the code calculator used by banks) or a security key (a so-called token)
- a changing, one-time PIN
- recovery codes
- an authenticator application
How the different authentication factors work
This section provides brief explanations of how the various authentication factors work. Some authentication factors may seem difficult or cumbersome to use at first, but if you keep at it, you will get used to multi-factor authentication in no time!