Multifactor Authentication Type

Different types of Multifactor Authentication

Multi-factor authentication (MFA), sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows a user to present two pieces of evidence (their credentials) when logging in to an account. The credentials fall into one of three categories: (1) something you know (like a password, a PIN, answers to "secret questions" or a specific keystroke pattern), (2) something you have in your possession (like a smart card, a smartphone, or a hardware token such as SecurID), or (3) something you are (like a biometric pattern such as a fingerprint, an iris scan or a voice print). To qualify as multi-factor, the credentials must come from two different categories of the three above. This means that entering two different passwords would not be considered multi-factor. However, entering a password followed by a fingerprint scan would be multi-factor (two-factor) authentication.

Below is a comparison of different Multi-factor types which are commonly in use today.

MFA Factor Type Comparison


| Factor Type | Security | Deployability | Usability | Phishing Resistance | Real-Time MITM Resistance |
|---|---|---|---|---|---|
| Passwords | Weak | Strong | Strong | Weak | Weak |
| Security Questions | Weak | Strong | Moderate | Weak | Weak |
| SMS / Voice / Email | Moderate | Strong | Strong | Moderate | Weak |
| Software OTP | Moderate | Strong | Moderate | Moderate | Weak |
| Physical OTP | Moderate | Weak | Weak | Moderate | Weak |
| Push Verification | Strong | Strong | Strong | Strong | Moderate |
| YubiKey OTP | Strong | Strong | Strong | Moderate | Weak |
| U2F and WebAuthn | Strong | Moderate | Strong | Strong | Strong |
| Windows Hello | Strong | Weak | Strong | Strong | Strong |

U2F and WebAuthn are FIDO-based factors that provide strong security as well as strong resistance against MITM attacks.

Note: A U2F Security Key is FIDO 1.0 compliant, whereas WebAuthn is FIDO 2.0 compliant. U2F is only supported on Chrome and Firefox browsers. FIDO2 is Web Authentication (WebAuthn), a standard web API supported by web browsers.
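The MITM resistance of WebAuthn comes from binding each assertion to the site it was made on: the browser records the actual origin in clientDataJSON and the authenticator hashes the RP ID into authenticatorData. The sketch below is an added example, not code from this post or from any FIDO library; it shows the server-side binding checks, with the RP ID, origins and sample assertions all being constructed values.

```python
import base64
import hashlib
import json

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed site origin

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding clientDataJSON uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_problems(client_data_json: bytes, auth_data: bytes, issued_challenge: bytes) -> list:
    """Return the binding checks that failed; an empty list means all passed.
    The signature over authenticatorData || SHA-256(clientDataJSON) must be
    verified as well; that step is omitted here."""
    problems = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        problems.append("wrong type")
    if client_data.get("challenge") != b64url(issued_challenge):
        problems.append("challenge mismatch")
    if client_data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if len(auth_data) < 37:
        return problems + ["authenticatorData too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not auth_data[32] & 0x01:  # flags bit 0 = user present (UP)
        problems.append("user not present")
    return problems

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Build sample clientDataJSON / authenticatorData (constructed test data)."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data

if __name__ == "__main__":
    challenge = b"\x11" * 32  # constructed; a real server issues fresh random bytes
    good = constructed_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Assertion produced on a look-alike site (constructed origin and RP ID)
    relayed = constructed_assertion("https://login-example.test", "login-example.test", challenge)
    print(binding_problems(*good, challenge))
    print(binding_problems(*relayed, challenge))
```

An OTP or SMS code carries no such origin information, which is why the table rates those factors weak against real-time MITM.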
