Multi-Factor Authentication

What is MFA?

Multi-Factor Authentication (MFA) is a security feature that requires two or more unique factors to verify a user's identity. This technology validates that the user is the expected account holder or device owner, providing an extra layer of protection against unauthorized access.

Why Use MFA?
  • Using MFA will reduce risk to both you and the owner of the site or service you are accessing.
  • MFA helps guard against fraudulent online activities like phishing scams and identity theft.
  • MFA is more secure than Single-Factor Authentication (SFA), which is usually a username and password. If someone knows these factors, they could have full access to your account, your email, your files, and even the networks you access.
  • With MFA in place, if your username and password are stolen, protected services cannot be accessed without the dynamic additional "factor" or code.

How do I enable MFA?

To enable MFA:

  1. Check the security settings on the accounts you use. MFA may be listed under different names, such as:
    • Two-Factor Authentication
    • Multi-Factor Authentication
    • Two-Step Verification

Here are some common methods of additional authentication:

Text Message (SMS) or Email: When you log in to an account, the service sends a code to your phone or email account, which you then use to log in. Note that SMS/email is the weakest form of MFA, and you should only use it if none of the other options are available.

Token Authentication: A token can be provided either via hardware (usually a small, keychain-sized device with a digital screen) or software. It is assigned to a user and generates a dynamic authentication code at fixed intervals.

Authenticator App: A type of token, an authenticator app generates MFA login codes on your smartphone. When prompted for your MFA code, launch the app and type in the displayed number. These codes often expire every 30 or 60 seconds.

Push Notification: Instead of using a numeric code, the service "pushes" a request for access to your phone. You can approve the request via the pop-up notification or deny it if you did not initiate the authentication request.

FIDO Authentication: FIDO stands for "Fast Identity Online" and is the gold standard of MFA. The FIDO protocol is built into all major browsers and phones. It can use secure biometric authentication mechanisms - such as facial recognition, a fingerprint, or voice recognition - and is built on a foundation of strong cryptography. Often it uses a physical device called a "key," which is essentially an encrypted version of a key to your house. Learn more about FIDO keys from the FIDO Alliance.

Want to learn more about MFA? 

CISA.gov: Multi-Factor Authentication

Set up multifactor authentication for Microsoft 365

NIST.gov: Multi-Factor Authentication