Overview[1]#

Multi-Factor Authentication or MFA is an approach to Authentication which requires the assertion of two or more of independent Authentication Factors and it considered a to have a higher Level Of Assurance (or Vectors of Trust) than Authentication Methods than using only one Authentication Factor

Multi-Factor Authentication is where more than one Authentication Factors and each factor SHOULD be independent.

After assertion of one or more of these Authentication Factors must be evaluated by the other party for Authentication to occur. For Multi-Factor Authentication, it must be two or more.

Multi-Factor Authentication is used without regards to the method of obtaining the Authentication Factors

Why you need Multi-Factor Authentication#

Google#

Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation.

NIST#

Multi-Factor Authentication helps protect you by adding an additional layer of security, making it harder for bad guys to log in as if they were you. Your information is safer because thieves would need to steal both your password and your phone. You would definitely notice if your phone went missing, so you’d report it before a thief could use it to log in. Plus, your phone should be locked, requiring a PIN or fingerprint to unlock, rendering it even less useful if someone wants to use your MFA credentials.

Using 2FA is one of the top three things that security experts do to protect their security online, according to recent Google survey. And consumers feel the same way: almost 9 in 10 (86%) say that using 2FA makes them feel like their online information is more secure, according to TeleSign.

Microsoft#

• 279% more enterprise security incidents from 2016 to 2017
• 81% of Attacks breaches leveraged either weak or stolen passwords

Microsoft says MFA decreases your risk of user compromise by 99%

More Information#

There might be more information for this subject on one of the following:

• 2FA
• Adaptive Risk
• Authentication Channel
• Authentication Method
• Authentication Method Reference Values
• Authenticator App
• Authenticator Assurance Levels
• Best Practices Password
• BeyondCorp
• Biometric Identification
• Biometric Template
• Credential Reuse
• Geolocation
• Google Cloud Security
• Google Wallet vs Apple Pay
• Graded Authentication
• IDSA Integration Framework
• Identify and Authenticate access to system components
• Implicit Scopes
• Inherence Factor
• Knowledge Factor
• LOA 3
• LOA 4
• M-04-04 Level of Assurance (LOA)
• MFA
• Microsoft Passport
• Multiple-channel Authentication
• NIST.SP.800-63B
• NIST.SP.800-63C
• One-Time password
• Operation Aurora
• Password Authentication
• Passwordless SMS Authentication
• Payment Card Industry Data Security Standard
• Personal Identification Number
• Phishing
• Possession Factor
• Privileged Scope
• Proof-of-Possession
• Proximity Card
• Rich Credential
• SS7 hack
• Short Message Service
• Social Login
• Something You Are
• Something You Have
• Something You Know
• Time-based One-time Password Algorithm
• Token
• Touch ID
• Transaction Authentication Number
• Two-Factor Authentication
• U2F
• U2F device
• Universal Second Factor
• Verizon Data Breach Investigations Report
• Web Authentication API
• What To Do About Passwords
• Windows Hello
• YubiKey
• Yubico
• Yubikey NEO

---

• [#1] - Multi-Factor Authentication - based on information obtained 2014-10-26

https://en.wikipedia.org/wiki/Multi-factor_authentication

• [#2] - How to upgrade your security with Azure Multi-Factor Authentication - based on information obtained 2019-12-15
• [#3] - TELESIGN CONSUMER ACCOUNT SECURITY REPORT - based on information obtained 2019-12-15
• [#4] - THE WHY, WHEN AND HOW OF CUSTOMER MULTI-FACTOR AUTHENTICATION - based on information obtained 2019-12-15
• [#5] - Enforce uniform MFA to company-owned resources - based on information obtained 2019-12-15
• [#2] - How effective is basic account hygiene at preventing hijacking - based on information obtained 2019-12-15