Multi-Factor Authentication

In authentication, a “factor” is one element in the equation a system uses to determine if you should be given access to a protected resource. Multi-factor authentication (MFA) systems require the user to provide two or more factors, which leads to much higher confidence in the identity of the user and decreases the chance of account hacks. Daon’s IdentityX is the core component in an enterprise-wide multi-factor authentication system. It supports many different factors which can be combined to provide choice for the end-user and increased security.

How multi-factor authentication works

Systems that rely on a single authentication factor are more vulnerable to attack. Passwords can be hacked or guessed, and tokens/keys can be stolen. Multi-factor authentication (MFA) systems require the user to provide two or more factors from across three different categories:

  • Something you have (key, token, etc.)
  • Something you know (PIN, password)
  • Something you are (biometric: face, finger, etc.)

It is important to note that, to be compliant with National Institute of Standards and Technology (NIST) guidelines, each factor within an MFA system must be from a different category; a system that uses two keys or two passwords is not a true MFA system. Possible MFA combinations include:

  • Something you have PLUS Something you know (Key + Password)
  • Something you know PLUS Something you are (PIN + Biometric)
  • Something you have PLUS Something you are (Key + Biometric)

IdentityX and MFA

Daon’s IdentityX supports many different factors from each authentication category, which can be mixed and matched in numerous combinations. During the IdentityX enrollment process, Daon securely stores a cryptographic token (key) on a mobile device, uniquely establishing it as “something the user has,” providing the first factor in an MFA system. In order to gain access to your account, a hacker would have to have physical possession of your device.

Depending on the capabilities of the user’s device, the needs of the organization and other considerations, IdentityX then allows for something the user knows (PIN, Password, OTP) and something the user is (face, finger, voice and palm biometrics).

Confidence in user identity and the security of the system can be further enhanced by incorporating a factor from all three categories or by adding additional biometric factors. For high-risk transactions (high dollar value transfers), organizations should consider incorporating additional factors. Simple transactions like "view account" may require only a single factor, while higher-risk transactions may require two or more factors, and very risky transactions could require three or more factors. This allows organizations to implement systems that are both simple and convenient for their customers while maximizing the security of the system.
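
The distinct-category rule and the risk-tiered factor requirements described above can be expressed as a small policy check. This is an added example, not Daon or IdentityX code; the factor names, transaction names and per-tier thresholds are assumptions chosen for illustration.

```python
# Added illustration: factor names, transaction tiers and thresholds are assumed.
ALL_CATEGORIES = {"have", "know", "are"}

# Map each supported factor to its authentication category.
CATEGORY = {
    "device_key": "have",
    "pin": "know",
    "password": "know",
    "face": "are",
    "finger": "are",
    "voice": "are",
    "palm": "are",
}

# Minimum number of DISTINCT categories per transaction (hypothetical policy).
REQUIRED_CATEGORIES = {
    "view_account": 1,
    "transfer": 2,
    "high_value_transfer": 3,
}


def distinct_categories(verified_factors):
    """Return the set of categories covered by successfully verified factors."""
    unknown = [f for f in verified_factors if f not in CATEGORY]
    if unknown:
        # Fail closed: an unrecognised factor must never count toward policy.
        raise ValueError(f"unrecognised factor(s): {unknown}")
    return {CATEGORY[f] for f in verified_factors}


def evaluate(transaction, verified_factors):
    """Return (allowed, missing): missing lists categories usable for step-up."""
    if transaction not in REQUIRED_CATEGORIES:
        # Fail closed on transactions the policy does not know about.
        raise ValueError(f"no policy for transaction: {transaction}")
    covered = distinct_categories(verified_factors)
    if len(covered) >= REQUIRED_CATEGORIES[transaction]:
        return True, set()
    return False, ALL_CATEGORIES - covered


if __name__ == "__main__":
    # PIN + password are two factors but one category, so this is not MFA.
    print(evaluate("transfer", ["pin", "password"]))
    print(evaluate("transfer", ["device_key", "face"]))
    print(evaluate("high_value_transfer", ["device_key", "face", "finger"]))
```

Counting categories rather than factors is what makes PIN plus password fail the two-factor tier, and the returned set tells the caller which kind of factor to prompt for next.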