In our increasingly digital world, financial institutions must go beyond requiring only usernames and passwords for the sign-in process. They need to employ a combination of factors to validate the individuals using their resources, whether they’re customers accessing electronic products and services or employees accessing systems, applications, and data. Institutions can choose various levels of authentication to verify people’s identity before giving them access to sensitive information, accounts, and other assets. However, multi-factor authentication (MFA) offers a secure and reliable approach for reducing the potential for unauthorized access.
One of the key values of MFA lies in its use of multiple factors for the validation process. MFA adds a layer of protection by requiring users to present a variety of elements to prove who they are. With this method, users must supply valid identification data such as a username followed by at least two types of credentials, such as:
- Something the person knows: This represents “secret” information that is known or shared by both the user and the authenticating entity. Passwords and personal identification numbers (PINs) are the most commonly used shared secrets, but newer methods of identification are gaining popularity. Users may be required to answer questions that only they should know, like the amount of their monthly mortgage payment. Another example is they might have to identify their pre-selected image (chosen when they opened their account) from a group of pictures.
- Something the person has: This is often a security token or a physical device, such as an I.D. card or smartphone, that people must have in their possession. Password-generating tokens can significantly enhance security because they display a random, one-time password or passcode that the recipient must promptly provide to complete the authentication process. Having unpredictable, one-time passwords makes it more challenging for hackers to use keyboard logging to steal credentials.
- Something the person is: This more complex approach to authentication uses a physical characteristic (biometrics) such as face, fingerprint, or voice recognition to verify people’s identity.
Since MFA incorporates factors based on knowledge, possession, and/or biometrics, it makes it more difficult for cybercriminals to compromise people’s identity. Thus, MFA is an ideal verification method to use when more sensitive or critical assets are at stake. MFA is so reliable that the Federal Financial Institution Examination Council (FFIEC) recommends applying it in more high-risk situations. “Management should use multi-factor authentication over encrypted network connections for administrators accessing and managing network devices,” states the FFIEC IT Handbook’s Architecture, Infrastructure, and Operations booklet.
MFA gives financial institutions a valuable security control for their internal and cloud resources. Take our quiz to see how much you know about multi-factor authentication.