A guide to multi-factor authentication: What is it and how does it work?

Account security is crucial in today’s digital world. With a steady increase in the number of online accounts and cybersecurity attacks such as data breaches and phishing on the rise, keeping personal information secure can be a challenge. The use of multi-factor authentication, or MFA, continues to gain traction as a popular account security measure.

What is MFA (multi-factor authentication)?

Multi-factor authentication is a digital security protocol that requires additional layers, or "factors," to be provided for an individual to gain access to a system or account, in addition to their username and password.

These factors can include:

• Knowledge. Something you know (a password or PIN).
• Possession. Something you have (a smartphone or USB security key).
• Inherence. Something you are (biometric data, e.g., fingerprint, face recognition).

How does multi-factor authentication work?

Within the factors listed above, service providers can request verification from a user through a range of methods. MFA typically requires at least two layers of authentication from someone to verify a login and grant them access to an account or service.

By requesting additional verification, institutions become better equipped to keep customers’ account details private and their personal information safe and secure.

Examples of MFA

Common methods used for multi-factor authentication include:

• One-time password (OTP). This is typically a 4–8-digit code, that is valid only for a short period of time and is sent to a user’s registered smartphone or email address, or generated by an authentication app.
• A security question. This question prompts an answer that only the user knows.
• Biometrics. Biometrics can include facial recognition, fingerprints, or a scan of a user’s retina.

Note that authentication is not limited to the MFA examples and MFA factors listed above.

What are the benefits of MFA?

MFA enhances security. The additional layer of verification required improves account security since even if one factor, such as a password, is compromised the attackers would need access to additional factor(s) to gain access to the account. This makes unauthorized access more difficult and keeps user information more secure.

Stronger account security helps protect against unauthorized account access, fraudulent activity and identity theft. MFA may also help consumers gain peace of mind by providing an additional layer of security to protect their information with a user-friendly method, such as biometrics or SMS message.

Keeping your information safe

MFA can be a powerful tool to safeguard personal financial information. Stay alert and be familiar with common scams. Never share OTPs, codes, or passwords with anyone. Keep in mind that most companies will never call or text message to ask for user information directly and will not ask for your password.

Enable MFA wherever available for financial accounts and services and take steps to protect your personal information.

Learn more about security and staying safe online.