“Best” is a hard thing to determine because every business situation is different. One thing we know for sure, though, is this: standard passwords are outdated.
Failing to use multi-factor authentication and secure passwords opens your organization to data breaches and ransomware attacks.
As authentication moves toward a future built purely on MFA, this blog will review the different types of multi-factor authentication and which types may be best for different types of businesses.
What is MFA?
First, a quick review. Multi-factor authentication, or MFA for short, is an authentication system that requires more than one distinct authentication factor for successful authentication. Multi-factor authentication can be performed using a multi-factor authenticator or a combination of authenticators that provide different factors.
In simple terms, MFA is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
Different Types of MFA
Several different types of multi-factor authentication may be ideal for different businesses. These include:
- Text and call one-time passwords (OTPs)
- Authenticator app
- Email codes
- Biometric verification (fingerprint or visual)
- Physical key
Text and Call One-Time Passwords (OTPs)
Text and call one-time passwords are very similar to email codes; they are just received via phone rather than a computer. A one-time password is texted to you, or it is read to you over a phone call.
The major downside to text and call OTPs is that many have a time limit. If you are not near your phone when the code is sent, or you are experiencing spotty service, the code may expire before you can enter it.
On the plus side, this form of MFA does not require users to download an app.
Authenticator App
Speaking of apps, another popular form of MFA is authenticator apps. As implied above, you download an authentication app to your phone. Companies like Google, Apple, and Microsoft have developed their own apps for their users to provide greater built-in security.
With authenticator apps, users receive a notification when someone tries to access their account, which they can approve or deny.
Authenticator apps strike an ideal balance of convenience and security. While this is our number one recommended option, not all organizations and accounts support this type of MFA. If your organization needs help initiating authenticator apps, reach out to us here.
Email Codes
Email codes are one of the most commonly used and convenient types of MFA. As the name implies, a code is sent to your email for verification. The code traditionally includes letters, numbers, or a combination of both.
Email codes provide a level of accessibility not available with text passwords, which require users to have a phone. However, because of that accessibility, they pose additional risk factors. If a hacker accesses your email, they can hypothetically overcome MFA because they can view the emailed access code.
Biometric Verification
Biometric verification ranges from fingerprint identification to facial recognition. The interesting thing about biometric verification is that many users utilize it to replace their passwords entirely. This, by definition, does not make it MFA. If used in conjunction with a secure password, biometric verification can be a viable MFA option. If used to replace passwords, we do not recommend it for optimal security.
Physical Key
A physical key is considered one of the most secure forms of MFA because you quite literally need a physical object to gain access. For obvious reasons, this eliminates a level of risk for remote hackers.
When using a physical key, a user would insert the key into the computer or device to access information. Physical keys are typically reserved for a company’s highest-value users and access to its most sensitive information. Physical keys are very commonly used in industries such as insurance, investment, and banking, where data is of the utmost sensitivity.
Choosing the Best MFA for Your Business
Like many decisions for your business, there is no one-size-fits-all answer. The best multi-factor authentication type for your business depends on several factors.
We highly recommend working with a qualified managed IT expert when using a new form of MFA within your business. Experienced IT help can guide you toward the best option that balances both security and convenience for your business.
Clarity Technology Group is here to support your business. Schedule a free assessment today to determine the best MFA for your business.