Here at The IT Department, we keep talking about the importance of implementing security measures higher than single-factor authentication. It’s not just because we like the sound of our own voices; it’s because now more than ever, we all need to be focusing on better cybersecurity.
Authentication is all about proving who you are when you log into an account or network. Factors are put in place to confirm the identity of you, the user, or a device. This could be in the form of a password, a biometric identifier (such as a fingerprint or iris scan), or proof that you own an associated device, such as a mobile phone.
There are two primary recommended approaches you could take here: two-factor authentication (2FA) and multi-factor authentication (MFA). Examine the benefits and pitfalls of each to make the right choice for your business and personal accounts.
What is two-factor authentication?
2FA is the simplest type of multi-factor authentication, adopted by major services such as Google, LinkedIn and Dropbox. You’ll almost certainly have seen this in action. Once you type in your username and password, a code is sent via SMS to your device, and you’ll need to input this code to gain access to the site. Since passwords alone can easily be scooped up by scammers, this extra layer of security helps you verify yourself and protect your sensitive data.
The best thing about 2FA: The authenticator (the code) is sent immediately to your device, so you can quickly verify yourself and access the account you need.
The worst thing about 2FA: It doesn’t always provide the flexibility that organisations need. For example, what if the registered mobile phone gets lost?
What is multi-factor authentication?
Multi-factor authentication involves - you guessed it - more than two layers of authentication, to provide maximum security. MFA isn’t about either denying or granting access to a user. Instead, it provides a particular level of access, on a spectrum, based on the data points gathered during the login attempt. Factors could involve a combination of codes sent by SMS, biometrics, personal questions, and third-party hardware tokens, such as a USB device plugged into a desktop.
This is a more layered defence and the idea is that, even if a hacker manages to overcome one factor, others are in place to prevent them from completely breaking into the target.
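The graded access described above, sketched as an added example (not code from The IT Department). Factors are grouped by category so that two factors of the same kind count only once; the factor labels, tier names and the known-device rule are assumptions made for illustration.

```python
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "something you know"
    POSSESSION = "something you have"
    INHERENCE = "something you are"


# Assumed mapping of the factors named in the article to their categories.
FACTOR_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "personal_question": Category.KNOWLEDGE,
    "sms_code": Category.POSSESSION,
    "hardware_token": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
    "iris_scan": Category.INHERENCE,
}

# Hypothetical access tiers, ordered from least to most privileged.
TIERS = ["deny", "read_only", "standard", "admin"]


def distinct_categories(verified):
    """Return the set of categories covered by the verified factors."""
    unknown = [f for f in verified if f not in FACTOR_CATEGORY]
    if unknown:
        # Fail closed: an unrecognised factor never counts towards access.
        raise ValueError(f"unrecognised factor(s): {unknown}")
    return {FACTOR_CATEGORY[f] for f in verified}


def access_tier(verified, known_device=False):
    """Map one login attempt to a tier on the access spectrum.

    Each distinct category raises the tier by one. A password plus a
    personal question is still a single knowledge factor. A login from
    an unrecognised device (an extra data point) drops one tier.
    """
    score = len(distinct_categories(verified))
    if not known_device:
        score -= 1
    return TIERS[max(score, 0)]


if __name__ == "__main__":
    # Constructed sample login attempts.
    print(access_tier(["password", "personal_question"], known_device=True))
    print(access_tier(["password", "sms_code"], known_device=True))
    print(access_tier(["password", "sms_code", "fingerprint"], known_device=True))
```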
The best thing about MFA: Can reduce the risk of security breaches by 99.9% over passwords alone.
The worst thing about MFA: It can disrupt the experience of legitimate end users who need to re-authenticate throughout their work day to gain access to systems.
The final verdict.
When it comes to 2FA vs. MFA, which is better?
If we’re being picky, 2FA is actually a subset of MFA. Having two factors of authentication is the same as having multiple factors, but for this comparison, we’ll treat them as separate options.
The decision between 2FA and MFA depends on your organisation. While passwords can easily be compromised, it’s unlikely that a scammer will be able to get their hands on your mobile. It’s even more unlikely that they will be able to obtain your fingerprint. In short, two-factor authentication is highly protective, but multi-factor authentication is even better.
Of course, the more authentication measures involved, the more time-consuming and difficult logging in becomes for users. The best one depends on the nature of your organisation and the level of security needed.
The IT Department can help you find the right balance between security and ease-of-use. To speak to one of our Melbourne-based IT consultants, give us a call on 1300 10 10 40.