FB pixel

Explainer: Multi-factor authentication

Explainer: Multi-factor authentication
 

Multi-factor authentication (MFA) is a layer of security that ensures a person provides two or more pieces of information to complete an authentication check that grants further access to a digital service or application. With the mass popularization of online services that cover deeply personal and vital data such as identity and banking, MFA has become a necessary protection against third-party intruders and malicious actors. Important recent developments supporting MFA adoption include the passage of regulations like the European Union’s Payment Services Directive (PSD2) in 2018, and the emergence of the FIDO Alliance. MFA typically encompasses three factors: knowledge, possession, and inherence.

Knowledge factors rely on what the user knows. Passwords or passcode only the user would know, or answers to questions about personal history are common knowledge factors used in authentication. Variants on passwords include passphrases, formed from multiple words, and personal identification numbers (PIN), typically shorter and purely numerical.

Possession factors provide security by granting access with something only the user has. This method is commonly found as tokens that are disconnected, connected or software. A disconnected token has no connection directly to the main device and usually has a built-in screen that displays a randomly generating password that is input in by the user, like RSA’s SecurID. A connected token directly links to the main device to transmit data to unlock access, very similar to the traditional lock and key. USB tokens, card readers and wireless tags are common examples. Software tokens are stored on a general-purpose device, such as a smartphone and computer, that authorizes access to the main device and can be duplicated.

Inherence factors are data that only the user possesses, or biometrics. Face, fingerprint, and voice biometrics are often deployed as inherence factors. Biometrics in MFA are growing in prevalence with the mass adoption of smartphones and laptops that can be used as data capture devices.

PSD2 was implemented as a means of updating the EU’s digital payments system, protecting customer security and fostering competition. One major change is the requirement for strong customer authentication for all digital transactions, which would necessitate the use of at least two or more forms of MFA. Effectively, any business with a digital footprint operating in the EU now must comply with PSD2 via MFA.

The FIDO Alliance is an industry body launched in 2013 with members including PayPal, Apple, Google, Amazon, American Express, Meta, and Microsoft that aims to promote “authentication standards to help reduce the world’s over-reliance on passwords.”  The FIDO protocol works by registering a user’s device (say, a smartphone) which creates a connected pair of a private and public key. The private key held on the device is authenticated by providing MFA, including biometric data such as a fingerprint and voice, or knowledge and possession factors, which will signal to the public key to grant access.

Click here for more explainers on concepts in biometrics.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

IntelliVision censured for misleading biometric accuracy and bias claims by FTC

The U.S. Federal Trade Commission has slapped IntelliVision with a consent order to halt claims about the accuracy of its…

 

Atos and partners blamed for EES delays

Atos and its consortium partners bear a major share of responsibility for delays in deploying the European Union’s delayed biometric…

 

CFIT pushes efforts on digital company ID to tackle economic crime in the UK

The UK’s Centre for Finance, Innovation and Technology (CFIT) has unveiled progress by its coalition of financial institutions, regulators, and…

 

iProov, iiDENTIFii help Standard Bank create network of trust

It’s one thing to know your customer, and another thing to know your customer is real. As GenAI becomes a…

 

World to spend $26B on IDV checks by 2029: Juniper

By 2029, the total global spend for digital identity verification checks will spike by 74 percent to reach $26 billion,…

 

Regula to replace SumSub as face biometrics provider for Maldives

Regula Forensics has been granted the contract to provide face recognition for the Maldives’ national digital identity, eFaas, after the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events