We live in a technical world, and as such our lives are full of technical acronyms. Many of these abbreviations just become part of our lives, like ATM, which of course stands for Automated Teller Machine.
One you may have been hearing a lot more recently is MFA, sometimes referred to as 2FA. These stand for Multi Factor Authentication and 2 Factor Authentication respectively. Anything that uses more than one item to verify identity is automatically multi factor, and therefore 2 factors are by definition also multi factor.
So what does this actually mean for us in the real world?
Security is an ever evolving technology, both in the physical world and the digital one.
MFA or 2FA is a method of determining if you are who you say you are, and therefore have the rights to do a specific action.
You probably have been using Multi Factor Authentication in everyday life for a while now, without realizing it. For example, if you have presented your bank card for payment and had to enter your PIN (Personal Identification Number), you were using MFA.
In fact, if you are a user of Google products you may have already noticed an MFA upgrade to your Google accounts. In late 2021 Google started rolling out MFA on its user accounts. Users received emails notifying them that in order to access their accounts they would need to enter their username and password, and then a One Time PIN would be sent to either a secondary email account or a mobile phone for verification. This OTP would then need to be entered in order to access the account.
Basic two factor authentication consists of two items to verify a user. A very simple example of this is a sign-in with an email address and password, where the email address is factor one, and the password is factor two. If they match what is listed as correct on the system, then permission is granted to enter the application.
Now, the trouble with things like email address and password for access is that firstly an email address can be very easily obtained (in fact most people give it out freely as a means to be contacted), and secondly a huge majority of users have either very weak or common passwords, and/or use the same few passwords to access multiple items. So if a bad actor knows your email address and can figure out your password for one thing, they can try the same combination on other things, and if you don’t use a different password for each and every thing you sign into, they will be successful.
Multi Factor Authentication is a way of making it a bit harder for the bad guys to access your personal, financial or business information.
MFA and 2FA use several categories of credentials to verify a user:
Something that you know, like passwords, PINs, or security questions such as your mother's maiden name.
Something that you have in your possession, such as your mobile phone, tablet or laptop, a security token, or a badge.
Something that you are, such as your fingerprints, facial or voice recognition, or retinal scans.
Somewhere that you are, or where your chosen GPS device is. This category is coming more into play in some industries, and is likely to become more prevalent. For example, you could not physically use your card at an ATM in Tokyo and then 20 minutes later use it at an ATM in Sydney, so that could be used as a security alert. Or you could have permission to access an application or perform an action provided that the device you are using is in an approved location, such as within a specific state/province or country.
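The two location checks described in the last category, sketched as an added example (not code from the original article): a speed check between consecutive card events and an approved-region check. The 900 km/h threshold, the event field names and the bounding box are assumptions, and the events are constructed sample data.

```python
import math
from datetime import datetime, timedelta

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruising speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(prev, curr, max_kmh=MAX_PLAUSIBLE_KMH):
    """True when two events imply a speed the cardholder could not have travelled."""
    km = haversine_km(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    hours = (curr["time"] - prev["time"]).total_seconds() / 3600
    if hours <= 0:
        # Simultaneous or out-of-order events: suspicious unless at the same place.
        return km > 1.0
    return km / hours > max_kmh

def in_approved_region(event, region):
    """True when the event lies inside a latitude/longitude bounding box."""
    return (region["lat_min"] <= event["lat"] <= region["lat_max"]
            and region["lon_min"] <= event["lon"] <= region["lon_max"])

# Constructed sample data: ATM events for one card.
T0 = datetime(2024, 1, 1, 9, 0)
TOKYO = {"lat": 35.6762, "lon": 139.6503, "time": T0}
SYDNEY_20MIN = {"lat": -33.8688, "lon": 151.2093, "time": T0 + timedelta(minutes=20)}
SYDNEY_10H = {"lat": -33.8688, "lon": 151.2093, "time": T0 + timedelta(hours=10)}
# Rough bounding box around Australia (an assumption for illustration only).
AUSTRALIA = {"lat_min": -44.0, "lat_max": -10.0, "lon_min": 112.0, "lon_max": 154.0}

if __name__ == "__main__":
    print("Tokyo -> Sydney in 20 min flagged:", impossible_travel(TOKYO, SYDNEY_20MIN))
    print("Tokyo -> Sydney in 10 h flagged:", impossible_travel(TOKYO, SYDNEY_10H))
    print("Tokyo inside approved region:", in_approved_region(TOKYO, AUSTRALIA))
```

A flagged event is a signal to ask for another factor or hold the transaction, since location data from a device can be wrong or missing.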
Multi Factor Authentication systems use elements from these categories in combination to verify that the user is genuine. For example, you may need a username and password to enter your bank account, but in order to make a payment you may need to enter an OTP (One Time PIN) that is sent to your mobile phone via text message. In addition, your bank may send a notification to your mobile phone that someone has logged in using your credentials as an extra layer of security. This method would use both the knowledge and possession categories.
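The bank scenario above as an added sketch, not code from the original article: a password check followed by a one-time PIN that expires, works once and is discarded after repeated wrong guesses. The five-minute lifetime, the three-attempt limit and all function names are assumptions; delivery of the code by text message is left out.

```python
import hashlib
import hmac
import secrets

OTP_TTL_SECONDS = 300  # assumption: code is valid for five minutes
MAX_ATTEMPTS = 3       # assumption: challenge is discarded after three wrong guesses

def digest_code(salt, code):
    """Salted digest so the server does not keep the code in plain text."""
    return hashlib.sha256(salt + code.encode()).digest()

def issue_otp(store, user, now):
    """Create a fresh 6-digit code for `user`; the caller sends it to the phone."""
    code = f"{secrets.randbelow(1_000_000):06d}"
    salt = secrets.token_bytes(16)
    store[user] = {"salt": salt, "digest": digest_code(salt, code),
                   "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code

def verify_otp(store, user, submitted, now):
    """Return 'ok', 'wrong', 'locked', 'expired' or 'no_challenge'."""
    entry = store.get(user)
    if entry is None:
        return "no_challenge"
    if now > entry["expires"]:
        del store[user]
        return "expired"
    entry["attempts"] += 1
    # Constant-time comparison avoids leaking how much of the code matched.
    if hmac.compare_digest(entry["digest"], digest_code(entry["salt"], submitted)):
        del store[user]  # single use: a replayed code finds no challenge
        return "ok"
    if entry["attempts"] >= MAX_ATTEMPTS:
        del store[user]  # the user must request a new code
        return "locked"
    return "wrong"

def authorize_payment(password_ok, otp_result):
    """Knowledge factor and possession factor must both succeed."""
    return password_ok and otp_result == "ok"

if __name__ == "__main__":
    challenges = {}
    sent = issue_otp(challenges, "alice", now=1000)
    result = verify_otp(challenges, "alice", sent, now=1060)
    print("payment authorized:", authorize_payment(True, result))
    print("replay of same code:", verify_otp(challenges, "alice", sent, now=1061))
```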
In another scenario, in order to access a mobile app you may need to enter your username and password, and then use your mobile phone’s camera for facial recognition to be able to log in. In this example the knowledge and inherence factors would be used.
As a business looking for a partner to provide fintech services to you, you need to think both as a business and as a consumer. If you were a customer of your own products or services, would you be comfortable with the security of the payment methods offered by your provider? Online purchases are often abandoned if the customer feels unhappy about the security of their personal and financial information. Security technology is always advancing, with bad actors always hot on its heels. When you are looking for a fintech partner you need to feel secure that the solutions offered are keeping pace with current security trends. At Baer’s Crest we understand that security is a major factor in our customers’ requirements, and we understand MFA technologies. Talk to us about simple yet secure systems that will put both your and your customers’ minds at ease.