A Complete Guide to Multifactor Authentication
Multifactor authentication (MFA) enhances security by requiring a person to verify their identity and access privileges with more than a username and password. Read on to learn what MFA is, how it works, and why implementing MFA software helps protect private information online.
What is multifactor authentication (MFA)?
Multifactor authentication (MFA) is a more secure way to sign into an online account than using a username and password alone. It requires a person to provide at least two pieces of proof of identity called authentication factors. MFA enhances cybersecurity because it relies on more than just passwords, which can be misplaced, stolen, or hacked.
Want to learn more about using a password manager for your business?
Check out Dashlane's business plans or get started with a free business trial.
Breaking down the different authentication factors
The three most common authentication factors are based on a combination of something a user knows (knowledge), something a user is (biometrics), and/or something a user physically possesses. Here are some examples of each:
- Knowledge: login credentials, such as an account name and alphanumeric password, PIN, or security question response
- Biometric: a person’s voice, speech patterns, facial scan, or fingerprint
- Physical possession: a key fob, ID card, or physical device that generates a one-time code
Less common types of authentication factors include:
- Location: IP address, geolocation, or physical proximity to hardware via bluetooth
- Adaptive or risk: based on the user’s common behaviors, such as whether they’re accessing a site from a typical location, during daytime hours, on a recognized device, or via a private network
The importance of MFA
Multifactor authentication is one of the easiest and least burdensome ways to enhance your organization’s cybersecurity. Microsoft, the world’s largest software company and a leading cybersecurity research organization, found that MFA can eliminate 99% of account compromise attacks. Any organization with personal, restricted, or valuable information that can be accessed online could benefit from MFA, given the prevalence and evolution of cybercrime.
Adding an extra layer of identity verification with MFA helps prevent cybercriminals from gaining access to your employees’ accounts with stolen or weak passwords. Additionally, as organizations worldwide continue to see an increased need for remote access for employees, MFA provides enhanced security in situations that present vulnerabilities, such as employees using personal devices and unsecured WiFi connections to access organizational data.
MFA implementation continues to see increased adoption across all industries and geographies as companies and consumers see the benefits of enhanced security. Some regulatory bodies now require MFA implementation to reduce the risk of cybercrime. In fact, MFA is now mandatory for federal agencies that collect sensitive personal information on U.S. citizens.
How does MFA work?
MFA is a multi-step process that verifies identity and access rights to a piece of software, a file, or a hardware device. MFA works by combining two or more different types of identification factors, such as a user’s login ID and password combination (what a user knows), an ID card (what a user has), and biometric data of a user’s fingerprint (who a user is). The complexity of verifying your identity in multiple ways, often using more than one registered device, means only the right people should have access to information.
One of the most popular modern applications of MFA best practices is 2-factor authentication (2FA), a form of MFA that requires two layers of authentication. A common example of 2FA is the need to input both personal user login credentials and a one-time passcode sent via email or text message to a mobile device.
Implementing MFA is one of the most important steps you can take to secure your organization’s data and protect your business against losses due to cybercrime. When applied correctly, top MFA login software, such as a password manager, plays a vital role in promoting data security.
Real-world example: how Amazon uses MFA to address suspicious user behaviors
When an Amazon customer engages in unusual or potentially suspicious behavior, such as logging in to their account from a new location, multifactor authentication is triggered to verify their identity and access privileges. In addition to providing their username and password, the person may be asked to enter a one-time passcode sent to their registered email or a trusted mobile device.
If the person doesn’t have access to their trusted device, an alternative option for completing MFA verification may include speaking to an account representative on the phone and sharing relevant details about what they remember about their recent Amazon shopping patterns.
By using MFA, Amazon establishes that the person’s behaviors and access to its e-commerce site are legitimate and unlikely to be tied to cybercrime.
What risks does MFA help mitigate?
As of 2022, just 11% of cloud users have adopted multifactor authentication, although more than 63% of people reuse passwords across their accounts and devices. Reusing passwords makes it easy for cybercriminals to access and compromise private information, but MFA adds an extra layer of defense against these cybercrimes.
Ransomware attacks and data breaches have become a major threat to businesses, with losses hitting companies of all sizes, including high-profile losses across the Fortune 500. KPMG found that 62% of U.S. firms experienced data loss events in 2021. Meanwhile, according to Anne Neuberger, former U.S. Deputy National Security Advisor for Cyber and Emerging Technology, up to 90% of the most severe cyberattacks leading to data breaches could be better prevented with the adoption of multifactor authentication best practices.
Forbes technology council member Stu Sjouwerman also recently published an article outlining why adopting more stringent MFA standards (specifically based around the FIDO2 protocol) is essential to mitigating threats—especially those driven by the human errors associated with more than 82% of cyberattacks.
Multifactor authentication software benefits
Software with additional layers of authentication, such as Dashlane’s password manager, helps businesses mitigate risks and protect private information.
Organizations implement multifactor authentication software to:
- Apply evidence-based cybersecurity strategy for safeguarding data and protecting company, client, and partner information.
- Ensure that all internal and external users, partners, customers, and suppliers follow recommended identity and access management protocols (IAM).
- Reduce the risk of human error and cyber threats with software that is easily implemented and used without the need to reinvent core processes.
- Better meet the demand for safe and secure single sign-on (SSO) solutions.
- Support cloud-powered technology and remote work with the most dynamic and effective software solutions.
CyberEdge’s annual Cyberthreat Defense Report (CDR) found that 32% of companies are planning to invest in an MFA strategy within a year to protect against cybercrime. In the near future, more widespread adoption will continue to trickle down as public and private organizations of every shape and size work to enhance their cybersecurity policies.
The future of multifactor authentication: unlocking a more secure passwordless future
The need for more widespread MFA adoption is being driven by increased remote work, usage of digital payment systems, and cyberattacks. In 2022, the global MFA market is valued at $12.9 billion and is expected to grow by nearly 16% annually to $26.7 billion by 2027.
The future growth of the MFA industry relies on hardware, software solutions, and the implementation of organizational policies to evolve in tandem. However, industry analysts predict that MFA software solutions will hold the largest market share.
In the near future, the most successful MFA applications won’t require passwords as we currently think of them. But unlocking the innovations of tomorrow is only possible by making the right strategic investments today.
Check out our blog post to learn more about the passwordless future of multifactor authentication.
- Webinar Care, “Multi-Factor Authentication (MFA) Statistics 2022,” Oct 2022.
- Dashlane, “Case Study: How VillageReach eliminated hundreds of reused passwords within a global workspace,”, Feb 2022.
- Dashlane, “A Beginner’s Guide to Two-Factor Authentication,” Aug 2022.
- Dashlane, “Password Management 101,” Oct 2020.
- UC Berkeley, “Why Reusing Passwords is a Bad Idea,” Apr 2021.
- Enterprise Apps Today, “Some Critical Data Breach Statistics And Facts For People To Be Well Prepared To Fight Against Cybercrime,” Sep 2022.
- Infosecurity, “Tech CEOs: Multi-Factor Authentication Can Prevent 90% of Attacks,” Sep 2021.
- Forbes, “Why MFA Falls Short And What Can Be Done About It,” Aug 2022.
- Verizon, “Data Breach Investigations Report,” 2022
- Dashlane, “Identity and Access Management 101,” 2022
- Dashlane, “SSO Technology Overview & Integration With Dashlane,” Sep 2022.
- Rublon, “Almost Half of Companies Do Not Use MFA, 2022 Report Finds,” May 2022
- Business Wire, “Global Multi-Factor Authentication Market Report 2022-2027,” Aug 2022
- Dashlane, “Ushering in the Passwordless Future at Dashlane,” Aug 2022