
Learn IT: multi-factor authentication basics (MFA basics)

1. What is multi-factor authentication?

Multifactor authentication (MFA) is an approach to security that requires an end user to provide more than one type of identification factor before a transaction can take place. Identification factors can be something the user knows (a password), something the user has (a security token) or something the user is (biometric verification).

 

Required reading:

Read our complete definition: multi-factor authentication (MFA).

 

2. Why is multi-factor authentication important?

Multifactor authentication is one of the most cost-effective mechanisms a business can deploy to protect digital assets and customer data. Security breaches occur with alarming regularity, and many are the result of end users creating weak passwords or re-using the same passwords as they travel from website to website. Multifactor tools blunt the negative effects of excessive password re-use by requiring people to provide something more than a password to complete an online transaction.

 

Required reading:

Making the business case for multi-factor authentication

 

3. How does multi-factor authentication keep my data safer?

The goal of MFA is to create a layered defense. MFA requires the end user to supply two or more independent credentials: what the user knows (such as a password), what the user has (such as a hardware-based or software-based security token) and what the user is (the person’s biometric verification). Multifactor authentication can lower the incidence of stolen credentials and unauthorized access to data, and it also adds a layer of security for local access, back-end access and other common network entry points.

 

Required reading:

The fundamentals of MFA

 

4. Who uses multi-factor authentication?

In the past, multi-factor authentication was deployed only in environments that required an extraordinarily high level of security. Today, MFA is used on a regular basis for many online transactions, including banking and shopping. Multifactor authentication is a must-have for services based in the cloud, especially for accounts used for administrative purposes.

 

Required reading:

MFA is a key component of successful cloud security

 

5. How has multi-factor authentication changed over the years?

The increased use of software-as-a-service (SaaS)-based Web services has also increased the number of times that customers re-use passwords. As more businesses move their servers into the cloud and create self-service portals for customers, multi-factor authentication has moved from a "nice to have" to an "absolutely essential" technology.

 

Required reading:

Types of multi-factor authentication products

 

6. What are the challenges of implementing multi-factor authentication?

It may require some effort to configure and deploy MFA securely. The tools have lots of moving parts and enterprises will need specialists from different parts of their IT organization to coordinate and configure the infrastructure and get protected logins to work properly. That said, if an enterprise already has Active Directory and is fairly confident that its directory information is accurate, adding multifactor authentication tools can be relatively painless. Cloud-based multifactor products can also be easier to set up.

 

Required reading:

Comparing multi-factor authentication products and their deployments

 

7. What should I be thinking about when I am evaluating security vendors who offer MFA products?

In addition to price and ease of implementation, you should be thinking about what business goals you are trying to achieve. Are you trying to improve the security of your RADIUS or Active Directory identity stores? Are you seeking an identity provider for a Web service? Are you just looking to secure logins to your servers?

 

Required reading:

The fundamentals of procuring multi-factor authentication

 

8. Where can I find reviews for MFA products?

Security expert David Strom has reviewed several of the most popular MFA software tools to help you evaluate MFA products.

 

Dell Defender is licensed per user and covers multiple token methods at the same cost.

SecureAuth IdP is a cloud-based service that provides both MFA and single sign-on capabilities.

Strong Authentication is appropriate for midsize organizations and large enterprises, especially those that make use of third-party cloud services such as Google Docs or Dropbox.com.

RSA SecurID has been around the longest, has a large number of supported applications that can be secured with its multiple factors and has the largest market share of hardware tokens.

Okta Verify is one of the few MFA vendors that actually offer public, published and simple pricing on a per-user, per-month basis.

Symantec has been in the multifactor space for some time and is known for mobile phone support and a wide selection of tokens.

SafeNet is known for its extensive policies, role assignments and user groups. This makes it easier for IT to set up different authentication levels for different individuals and groups.

 

9. Glossary of terms

Browse through this handy, printable glossary and become familiar with tech terms related to multi-factor authentication.

 

10. Quiz yourself

After you've looked at the glossary, quiz yourself to see what you've learned about multi-factor authentication.

This was last updated in February 2015
