Introduction
99.9% of breached user accounts do not have multi-factor authentication (MFA) enabled.
Most organizations require MFA for very sensitive accounts and records, such as administrative files and security settings. For the everyday user, however, many jobs only require passwords for their work accounts.
Let’s dive into the vast world of MFA, and all the different methods of identity verification that you might encounter.
How MFA Checks User Identity
The different methods of MFA can be broken down into 5 categories: something you know, something you have, something you are, somewhere you are, and something you do.
Something You Know:
- Passwords: Traditional passwords or PINs.
- Security Questions: Answers to personal questions.
Something You Have:
- SMS/Email Codes: One-time passwords (OTPs) sent via SMS or email.
- Authenticator Apps: Apps like Google Authenticator or Microsoft Authenticator that generate time-based OTPs.
- Hardware Tokens: Physical devices that generate OTPs.
- Smart Cards: Cards with embedded chips used for authentication.
- USB Security Keys: Devices like YubiKey that plug into a USB port.
Something You Are:
- Biometrics: Fingerprint scans, facial recognition, or retinal scans.
Somewhere You Are:
- Geolocation: Verifying the user’s location through GPS or IP address.
Something You Do:
- Behavioral Biometrics: Analyzing patterns like typing speed or mouse movements.
- CAPTCHA: The puzzles you complete to verify that you’re a human instead of a bot.
Choosing something that can’t be replicated or hacked is key.
The Best MFA Method for You
Authenticator apps and biometrics are among the safest forms of MFA. The apps use an encrypted program to generate one-time codes, which hackers can’t access without having your physical device in hand. By contrast, SMS messages and email accounts are much easier to breach from a distance.
Biometrics are the best choice for multi-factor authentication, and you should opt for this method whenever possible. Your