Multi-factor
authentication (MFA) explained
What is multi-factor authentication?
Multi-factor authentication (MFA) can greatly enhance security while delivering a positive user experience. MFA is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence, or factors, to an authentication mechanism.
- Something user knows
- Something user knows
- Something user has
- Something user knows
- Something user has
- Something user is
4x breaches
Breaches have quadrupled in last four years costing the global economy $2.1 trillion in 2019.
2+ factors
By requiring 2 or more factors for verification, MFA provides the strongest security.
$5.2M lost
The average company loses $5.2M annually in weak password-related accounts lockouts.
* The 2019 State of Password and Authentication Security Behaviors Report, Ponemon Report, 2019
Types of multi-factor authentication
You have probably used multi-factor authentication (MFA) before without realizing it. The bank has higher confidence because a wallet thief cannot drain your account unless they also know your PIN. MFA is a way for the service you use to authenticate your identity, by asking you to present two or more pieces of evidence (factors) during the login process.
Biometrics
Biometrics such as voice recognition or fingerprint scans.
Magnetic stripe cards
Cards that contain data such as identification numbers written on magnetic storage media. May include other security features such as an employee id card with a photo on the front.
Security keys
A hardware authenticator that provides physical proof that the user is present when they touch the key.
Security tokens/mobile devices
Hardware such as a USB device or mobile phone that generates time-synchronized tokens based on a shared key with an authentication service.
Challenge/response
Answers to challenge questions that may include personal information such as “Your favorite sport.” or “Your first car.”
Smart cards
Cards that have embedded computing capabilities that typically include authentication credentials such as public key certificates.
Multi-factor authentication
raises the bar for security
Experience multiple layers of protection
Users who are security savvy and want the highest levels of security for sensitive resources or transactions opt for multi-factor authentication as the barrier to entry is the most stringent. A user has to supply several pieces of information before gaining access to their accounts.
Protect high assurance transactions
For certain transactions, using strong single factor authentication may provide sufficient security. However for high assurance transactions, such as filling a prescription, or making a high dollar value transaction, a user may need to be verified more strongly. Multi-factor authentication with a PIN will strongly assure the identity of the user.
Ensure strong compliance
For organizations in regulated industries, there is a need to meet stringent compliance regulations and compliance regulations such as PCI and HIPAA. Using a multi-factor authentication approach with solutions that meet the highest levels of assurance, such as NIST Assurance Level 3 (AAL3) assures authorized access.
Get Started
Find the
right Yubikey
Take the quick Product Finder Quiz to find the right key for you or your business.
