Multifactor authentication (MFA) requires users to provide two or more different types of evidence to verify who they are when logging into a service or engaging in a particular transaction. As a security mechanism, MFA is incredibly effective in helping you to stay safe online. Here’s an overview of MFA and how it protects you online.
MFA History and Overview
Before MFA started becoming more widely adopted as a security best practice in customer-facing services, users needed to provide only their username and password credentials to log in to a service or application. Interestingly, a patent by AT&T stretching as far back as 1996 first alludes to requiring an additional form of verification before approving a transaction. Yet it took tech giants like Apple until 2013, 17 years later, to start requiring more than one type of user verification to log in to an account.
The uptake of MFA was hampered by both usability concerns and a lackadaisical approach to cybersecurity. As the world became increasingly digitized, online fraud, account compromises, and data breaches became growing problems. Users had their passwords either cracked or stolen and from there it was game over in terms of being able to protect their accounts.
MFA provides an extra layer of security by requiring two distinct categories of evidence from the following options in order to verify user logins or transactions:
- Something users know (e.g. their username-password combination or an answer to a security question)
- Something users have in their possession (e.g. a smartphone or a USB token)
- Something users are (e.g. biometric data such as fingerprints or facial scans)
The effectiveness of MFA is such that it prevents 99.9 percent of account compromise attacks. Even if a malicious third party gets access to your password, they can’t log in to any of your accounts using that password unless they also can provide the other required factor of authentication.
How MFA Protects You Online
MFA has a wide range of use cases, from protecting internal employee accounts to protecting external customers. From the perspective of anyone using the Internet and logging into services such as email, online banking, eCommerce sites, and much more, here are some of the ways MFA protects you online.
Reduced Online Fraud
Many banks and other payment processing services like PayPal require users to set up MFA both for logging in to these services and to verify transactions. Customers in the United States reported losing more than $3.3 billion related to fraud complaints in 2020 alone.
These fraudulent activities typically involve stealing money or accessing rewards via account takeovers. Having an additional form of verification in place prevents people from engaging in fraudulent activities even if they manage to gain the login details for an online account or service.
Protection Against Credential Stuffing
A particularly widespread type of account compromise attack in recent times is credential stuffing. This attack exploits the tendency of users to reuse the same passwords across multiple accounts and services. By using lists of previously compromised password credentials and email addresses, hackers try to log in to other services using these same credentials, and they are often successful in doing so.
It’s easy to blame this dangerous security practice of password reuse on a general lack of consumer security awareness, but the picture is more nuanced than that. The truth is that a single email address often has dozens of different online accounts assigned to it, which makes password reuse almost an inevitability for all but the most security-aware customers.
According to Salt Security, one of the most effective ways to defend against credential stuffing is through multifactor authentication. Hackers carrying out these attacks use automated scripts and tools to attempt multiple logins to different services at scale. It’s challenging for any hacker to provide additional factors of authentication, such as push notifications sent to registered smartphones or one-time codes sent to an email.
When using online services, it’s important to realize that some services leave it to users to enable MFA for their accounts rather than making it the default. Organizations such as banks are more likely to require MFA by default. It’s worth checking the options for all your online accounts and switching MFA on to prevent credential stuffing.
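To show why a replayed password list stalls at the second factor, here is an added example in Python; it is not part of the original article. It assumes the second factor is a time-based one-time code (TOTP, RFC 6238) from an authenticator app, and the accounts, passwords and secret are constructed sample data.

```python
import hashlib, hmac, os, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _account(password: str, mfa_secret=None) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": _pw_hash(password, salt), "mfa": mfa_secret}

# Constructed sample data: two users who reused a password that later leaked.
ALICE_SECRET = b"constructed-demo-secret"
ACCOUNTS = {
    "alice@example.com": _account("Summer2020!", ALICE_SECRET),  # MFA switched on
    "bob@example.com": _account("Summer2020!"),                  # password only
}
LEAKED = [("alice@example.com", "Summer2020!"), ("bob@example.com", "Summer2020!"),
          ("carol@example.com", "qwerty123")]

def login(email, password, code=None, now=None):
    """Return 'ok', 'mfa_required' or 'denied'."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(email)
    if acct is None or not hmac.compare_digest(_pw_hash(password, acct["salt"]), acct["pw"]):
        return "denied"
    if acct["mfa"] is None:
        return "ok"                               # the password alone opens the account
    if code is None:
        return "mfa_required"                     # knowing the password is not enough
    # Accept the current and previous time step to tolerate clock drift.
    valid = any(hmac.compare_digest(code, totp(acct["mfa"], now - d)) for d in (0, 30))
    return "ok" if valid else "denied"

def replay(leaked):
    """Outcome per account when leaked pairs are replayed with no second factor."""
    return {email: login(email, pw) for email, pw in leaked}

if __name__ == "__main__":
    print(replay(LEAKED))
```

Only the account without MFA ends in `ok`; the account with MFA stops at `mfa_required` even though the leaked password is correct.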
Increased Confidence in Businesses
Having confidence in the companies you do business with is vital in today’s security landscape. Organizations regularly become victims of data breaches that compromise sensitive customer information due to not having basic security measures in place. This information can include credit card details, home addresses, passport scans, and other information that hackers can sell to third parties.
The truth is that while MFA might feel like an annoyance at times, you can have increased confidence in any business that implements it. MFA ensures you can trust that the account you’re signing up to or the company you’re buying from has security measures in place to protect the sensitive details you provide to them.
Overall, MFA rescues customers around the world every day from a range of malicious threats that seek to exploit them online. Businesses and customers alike must be aware of the power of MFA and use it as much as possible.
About the Author
Ronan Mahony is a freelance content writer mostly focused on cybersecurity topics. He likes breaking down complex ideas and solutions into engaging blog posts and articles. He’s comfortable writing about other areas of B2B technology, including machine learning and data analytics. He graduated from University College Dublin in 2013 with a degree in actuarial science; however, he followed his passion for writing and became a freelance writer in 2016. He currently also works with Bora. In his spare time, Ronan enjoys hiking, solo travel, and cooking Thai food.