What is the difference between 2FA & MFA?
2-Factor Authentication (2FA)
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. A common method of 2FA is having this first factor will be a password (single factor authentication) and the second factor would be a onetime password sent to a mobile via Txt/SMS.
​
Two-factor authentication adds an additional layer of security to the authentication process. This is achieved by making it harder for attackers to gain access to a person's devices or online accounts because knowing the victim's password alone is not enough. While an attacker may be able to get access to your staff or customer’s login details quite easily, they are unlikely to have access to the second factor. This prevents the attacker from being able to access the targeted system even if the user’s credentials have been compromised.
​
As part of your security posture, you should be monitoring your systems for failed login attempts due to incorrect 2FA information. This will be a tell-tale sign that the credentials are compromised and should be changed asap. This is normally done using a SEIM, like Rapid7 InsightIDR which collects logs from different sources into a single point to monitor.
Multi-Factor Authentication (MFA)
Multifactor builds on 2FA by using additional factors to create layers of security and providing higher levels of authentication. An example of a multifactor authentication (MFA) security structure will look something like this:
​
You authenticate (prove you are you) based on:
-
something you know
-
something you have
-
something you are
The something you know will be a:
-
password
-
passphrase
-
security question answer
-
PIN number
The something you have will be:
-
a physical device like a security token or fob
-
an authenticator app like Google Authenticator, that:
-
sends a notification to your smartphone, or
-
provides you with a temporary access code aka one-time password (OTP)
-
Something you are includes things like:
-
fingerprint
-
face scan
Most attacks originate from remote internet connections, so MFA makes these attacks less threatening. Obtaining passwords is not sufficient for access, and it is unlikely an attacker would also be able to obtain the second or third authentication factor associated with a user account.
​
Factors such as geolocation, type of device and time of day are also being used to help determine whether a user should be authenticated or blocked. Additionally, behavioural biometric identifiers, such as a user's keystroke length, typing speed and mouse movements, can also be discreetly monitored in real time to provide continuous authentication instead of a single one-off authentication check during login.
Related articles ​
​
Multi-Factor Authentication – Easier with Techtonics
​
Techtonics can help you plan for, implement and train your staff to use MFA effectively
call us to get started today! 0800 88 2628
​
​