Multi-Factor Authentication (MFA) requires the user to provide two or more methods to verify their identity in order to access a resource. Instead of just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack.

Solely having a username and password can leave you vulnerable to brute force attacks and can also be stolen by threat actors. Enforcing the use of MFA in a business can increase confidence that your company is safer than it was.

MFA comes in many forms; some use biometrics such as fingerprints to verify a user, others can use physical hardware keys, while the most common form of MFA is likely to be one-time passwords. One-time passwords are 4+ digit codes which are sent to a user’s previously confirmed email, phone number or application. A new code can be generated either periodically or each time an authentication request is submitted.

Adaptive Authentication analyses additional factors when a user tries to log in and uses these values to assign a risk level associated with the login attempt. This can be based on a multitude of things such as location; the time of day and what information is trying to be accessed; the kind of device used; and whether a connection is via a private or public network.

The answers to these questions determine whether a user is required to provide an additional authentication factor or whether they will even be allowed to log in. Any effective and enforced Multi-Factor Authentication strategy will undoubtedly save any organisation time and money in the future.