Multifactor authentication (or MFA) is an account login process that requires multiple methods of authentication in order to verify your identity.
Usually, this process combines two or more independent credentials from different categories: something you know (a password), something you have (a phone or email inbox that receives a one-time code, or a hardware token) and sometimes something you are (a fingerprint). For example, along with a password, you might be asked to enter a code sent to your email. Note that a security question or a memorable word is simply another thing you know, so it adds a step to the login but not a genuinely independent factor.
The aim of MFA is to layer the login process so that an attacker who obtains only a username and password cannot get in: if one layer is compromised, access to the account is still denied unless the attacker also controls the other.
MFA dramatically reduces the risk of account compromise in a number of common attack scenarios, including:
- Credential stuffing: attackers reuse credentials harvested from data breaches or leaked datasets (which are often publicly available) to find other systems where the same password is in use.
- Brute-force and credential-guessing attacks against application user accounts to find weak passwords.
- ‘Credential spraying’ (also called password spraying), in which an attacker attempts to log into a large number of user accounts using a small number of commonly used passwords, or even just one, so as to stay below per-account lockout thresholds.
- Social engineering attacks designed to obtain user credentials, such as phishing.
Why is MFA Necessary?
Whilst a strong password is a good start, it is sometimes not enough: in today’s world, both businesses and users store vast volumes of sensitive information online, and a breach or misuse of that information can have severe consequences. MFA minimises this risk by adding a second layer of security, so that an attacker who has stolen or guessed the password still cannot log in without the second factor. One caveat: a one-time code can still be handed to an attacker if a user types it into a convincing phishing page, so codes should only ever be entered on the genuine login screen and never shared by phone or email.
How does MFA work?
As mentioned earlier, MFA works by requiring additional credentials. The most common MFA credential you are likely to encounter is the one-time passcode, or OTP. These are typically six to eight digit codes that you receive via email or SMS.
A new one-time passcode is generated for every authentication attempt, and for extra security it usually expires within a short time of being sent; a code that has been used or has expired cannot be used again.
For example, when you log into an account, you first enter your usual credentials, your username and password. You are then sent a code by email, which you must enter on the login screen before you can access your account.
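The server-side half of the flow just described, as an added example written for this page rather than code from Campaignmaster’s own login system: a fresh six-digit code is generated with a cryptographically secure random source for each login attempt, only a hash of it is stored, it expires after a fixed window, it is single-use, and a handful of wrong guesses invalidates it so the small code space cannot simply be brute-forced. The five-minute lifetime, the five-attempt limit and the in-memory store are assumptions for illustration; a real deployment would use a database or cache and would send the returned code by email.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300      # assumed policy: a code expires five minutes after issue
MAX_VERIFY_ATTEMPTS = 5    # assumed policy: wrong guesses allowed before the code is discarded

# In-memory store keyed by username (assumption for the example; use a DB or cache in practice).
_pending: Dict[str, dict] = {}


def _hash_code(username: str, code: str) -> str:
    # Store only a hash so a leaked store does not expose live codes. A six-digit space is
    # tiny, so the hash only prevents casual disclosure; expiry and the attempt limit are
    # the real protection. The username is mixed in for domain separation.
    return hashlib.sha256(f"{username}:{code}".encode()).hexdigest()


def issue_otp(username: str, now: Optional[float] = None) -> str:
    """Generate a fresh code for this login attempt and record its hash server-side.

    Returns the plaintext code so the caller can deliver it (e.g. by email). Issuing a new
    code replaces any earlier pending code for the same user.
    """
    now = time.time() if now is None else now
    # secrets.randbelow is CSPRNG-backed and uniform; zero-pad so leading zeros are kept.
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    _pending[username] = {
        "hash": _hash_code(username, code),
        "expires_at": now + OTP_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_otp(username: str, submitted: str, now: Optional[float] = None) -> bool:
    """Check a submitted code.

    The code is single-use: a correct answer removes it, and so does exhausting the
    attempt budget or passing the expiry time. Comparison is constant-time.
    """
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False                      # nothing pending (never issued, used, or discarded)
    if now >= entry["expires_at"]:
        del _pending[username]            # expired: discard and fail
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["hash"], _hash_code(username, submitted))
    if ok or entry["attempts"] >= MAX_VERIFY_ATTEMPTS:
        del _pending[username]            # single use, or too many wrong guesses
    return ok


if __name__ == "__main__":
    # Constructed walk-through of the two-step login: password accepted, then OTP checked.
    user = "alice"
    code = issue_otp(user)
    print(f"(would email {user} the code {code})")
    print("wrong code accepted?", verify_otp(user, "000000" if code != "000000" else "000001"))
    print("right code accepted?", verify_otp(user, code))
    print("replay accepted?", verify_otp(user, code))
```

Two design points worth noting: the expiry check happens before the attempt counter is touched, so a stale code cannot be used to probe the store, and the attempt budget is tied to the code rather than to the session, so an attacker cannot reset it by simply reloading the page.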
Campaignmaster provides MFA for all our clients, at no additional charge.
Would you like to enable MFA on your account with us or perhaps you have some questions about MFA? Get in touch at info@campaignmaster.co.uk.