Create the strongest and most secure form of identity authentication by requiring users to provide more than one authentication factor to access an account.
The concept behind multi-factor authentication (MFA) is simple: rather than requiring a single, less-secure form of authentication (like a password), MFA layers multiple authentication steps together, like a password plus an SMS OTP (one-time password). By using more than one simple authentication method, a stronger, synergistic form of security is created.
Common authentication types include something the user knows (password or security question), something the user has (OTP or registered mobile device), and something the user is (biometric factors including face and voice). Due to their inability to be lost, replicated, or stolen, biometric factors, especially when used in combination as part of an MFA security approach, are the most secure factors that can be used to authenticate a user’s identity. They also provide greater ease-of-use.
A multi-factor authentication method that is familiar for many users is a combination of a card and a PIN. Financial institutions have been using this method for decades to secure ATM interactions. For online interactions, the most common example of MFA is a password with a secondary prompt that could range from OTPs (one-time passwords) delivered by SMS (text message), to an authentication code generated by an app, or, in some cases, to a physical token like a USB drive or FIDO security key, which is most often an external fob that stores security data.
A common secondary factor that, by its nature, is most often overlooked, is a registered device. The only time a user knows this factor is being used is when they get an email warning after logging in from a new device. A registered device is also known as a possession-based factor. These “invisible MFA” factors strike a powerful balance between increasing overall security and maintaining a low-friction user experience.
At Daon, our xAuth solution gives customers access to their choice of factors. The authentication tools in the xAuth portfolio span the MFA spectrum of device-based, web-based, and cross-channel authentication protocols, including FIDO UAF and FIDO2-certified biometric authentication, making it easy for organizations to verify users in a manner that best fits their business and customer needs. All of these factors can also be integrated with xFace and xVoice to provide the maximum level of identity security.
Frequently Asked Questions
Is multi-factor authentication suitable for any risk level?
Yes. As companies in all industries and sectors collect more data, MFA provides a scalable way to protect that information. Even something as simple as a password and a one-time password (OTP) is exponentially safer than either one on its own.
What is the most effective MFA factor?
This depends on your circumstances. Accuracy, convenience, compatibility, and security can influence which factor is best for each MFA setup. However, in most cases, the strongest single MFA factor is a biometric factor, like a face scan or a finger or voice print.
What if a primary MFA factor isn’t available (i.e., a client doesn’t have their phone)?
Daon works with its customers to build MFA solutions with secondary login options. While this may be less user-friendly, it does allow individuals to successfully access data through alternative security methods.