Contributed by Lim Jing Wei, Chief FinTech Officer
Multi-Factor Authentication (MFA) is an authentication method that requires users to provide two or more forms of identification before access is granted. Enabling MFA provides additional safeguards to users' online accounts. For instance, accounts with two-factor authentication (2FA) enabled are more secure as threat actors with access to compromised account credentials will not be able to access the account without the second factor of authentication.
Types of Multi-Factor Authentication
There are several types of MFA that leverage what users have and what users are. The most common types are:
SMS-based authentication generates One-Time Passwords (OTPs) (i.e., numeric and alphanumeric codes) which are sent via SMS to the user's registered mobile number. SMS OTPs are typically combined with passwords to provide 2FA, which requires users to provide something they know (their password) and something they have (mobile phone).
Biometric authentication uses the biological (e.g. fingerprints, facial features, iris patterns) or behavioural (e.g. voice patterns, signature dynamics, keystroke patterns) characteristics of an individual to verify user identity. As biometric data is unique to each individual, it is typically combined with passwords to provide 2FA as an additional layer of security, which requires users to provide something they know (their password) and something they are (biometric).
Application-based authentication uses authenticator apps to generate OTPs that can be used for 2FA. Popular authenticator apps include Google Authenticator, Microsoft Authenticator, and Authy. Authenticator apps are typically combined with passwords to provide 2FA, which requires users to provide something they know (their password) and something they have (the authenticator app).
CYS Global Remit is committed to implementing the best practice of ensuring users maintain good cyber hygiene by using strong passwords and selecting the most secure 2FA method to protect their online accounts against malicious fraud or cyberattacks.