The Three R’s
- Something to Remember: This factor requires users to provide something they know, such as a password, PIN, or security question. It is the most common form of authentication. Check out our blog for more about making a secure password.
- Something to Retain: This factor involves something the user possesses, such as a physical token (like a smart card or USB key), a mobile device, or a one-time code generated by an authentication app. You can also get a code sent via SMS, but it is far less secure and should be avoided.
- Something to Read: This factor relies on reading biometric characteristics unique to the individual, such as fingerprints, retina scans, facial recognition, or voice recognition.
Why should we use Multi-Factor Authentication (MFA)?
According to CISA.gov:
MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.
To successfully access an account or system protected by MFA, a user must provide at least two of these authentication factors. This added layer of security significantly reduces the risk of unauthorized access. Even if an attacker obtains one factor (e.g., a stolen password), they would still need the other factor(s) to gain entry. Implementing multi-factor authentication is a significant security measure for safeguarding digital assets and preventing unauthorized access to sensitive data, minimizing the impact of data breaches, and enhancing overall cybersecurity.
Here are a few MFA applications we recommend you use:
In conclusion, Multi-Factor Authentication (MFA) is a crucial security tool that requires multiple verification factors to enhance digital account protection. It mitigates risks associated with compromised credentials, reduces unauthorized access, and bolsters cybersecurity. Popular applications like Google Authenticator, Authy, and Microsoft Authenticator make MFA implementation accessible, making it an essential practice for safeguarding sensitive information in the digital age.