This document defines and discusses the concept of Multi-Factor Authentication, sometimes written as Multifactor Authentication and also referred to as MFA. According to Google Trends, interest in the term Multi-Factor Authentication has grown to 41%, up from a mere 3% back in 2004. The term relates to online security: the protection of accounts and, ultimately, the data those accounts hold. First, I will discuss definitions of Multifactor Authentication, then explain how it is relevant, and finally provide my own definition of the term.
The Oxford English Dictionary (2014) defines authentication as “the action or process of validating, approving, or authenticating something” and defines multifactor as “involving or dependent on a number of factors or causes.” Without attaching any context to the term, Multifactor Authentication means using more than one factor to authenticate something.
In the technology industry, “Multi-Factor Authentication (MFA) is a form of strong authentication which uses more than one information…” (S. Ibrokhimov et al., 2019). This definition suggests that a username and password, combined with another vital piece of identifying data such as the answer to a security question, are the substantial components of Multi-Factor Authentication.
Another technical perspective states that “Multi-factor authentication can incorporate various layers of authentication solutions implemented in conjunction with one another, such as user name and password with a token and a biometric finger scanner.” (Tatham, M. et al., 2009). This definition plainly describes the flexibility of Multi-Factor Authentication: a user could choose to use their username and password, plus a security question, plus a one-time pin or token, plus a finger scan or a facial scan, to authenticate to a website or application.
All three definitions maintain the understanding that Multifactor Authentication involves a username and password plus two or more steps for validation. Interestingly, the Oxford English Dictionary does not specify what factors are used to determine authentication, whereas S. Ibrokhimov et al.’s definition, even though not very specific, indicates that information is needed to verify authentication. Tatham, M. et al.’s definition goes even further by naming the information required for authentication (e.g., username, password, a token, and fingerprint).
With a better understanding of what Multi-Factor Authentication is, it is easier to picture how it relates to everyday life. A digestible approach is to think of physical security. Physical items in the home are secured by a door with a lock and a key. Now consider digital security. Digital things such as personal email accounts are secured by a username and password. Imagine that digital items are like physical items: a door with a lock is like a username, and the key is like a password. Even though the lock and key help keep the physical items secure, they are not always enough to prevent break-ins. A lock can be picked, similarly to how a password can be hacked. One way to deter a break-in would be to add an alarm system, and this is where Multi-Factor Authentication comes in.
“You should use MFA whenever possible, especially when it comes to your most sensitive data—like your primary email, your financial accounts, and your health records.” (National Institute of Standards and Technology [NIST], 2016). Due to increasing data breaches at consumer companies (Staples, Home Depot, Target, and Michaels), health insurance companies (Premera Blue Cross and Anthem) and financial institutions (JPMorgan Chase and the IRS), there is no guarantee that a username and password alone are enough to deter hackers from breaking into personal online accounts. “Multi-Factor Authentication is your friend” (Gray, 2019). This statement was posted in a Forbes.com article after several data breach stories surfaced in the news. We should all start familiarizing ourselves with password authentication processes consisting of more than two steps to help ensure the safety of our digital data, and Multi-Factor Authentication is an additional line of defense to help ward off cyber-crime.
After doing research and thinking about my experience using Multi-Factor Authentication, I would define it as an account login process requiring a username and password plus at least two methods of verification, which may include the use of tokens (an authentication app or one-time pin code) and biological input (a fingerprint scan or face scan).
Granville, K. (2015, February 5). 9 recent cyberattacks against big businesses. The New York Times. https://www.nytimes.com/interactive/2015/02/05/technology/recent-cyberattacks.html
Gray, J. (2019, October 7). Amping up security through passwords and multi-factor authentication. Forbes.com. https://www.forbes.com/sites/joegray/2019/10/07/amping-up-security-through-passwords-and-multi-factor-authentication/#59602c876dce
Google. (n.d.). [Google Trend of term Multifactor Authentication]. Retrieved October 4, 2020, from https://trends.google.com/trends/explore?date=all&geo=US&q=%2Fm%2F05zybfn
National Institute of Standards and Technology. (2016, June 28). Back to basics: Multi-factor authentication (MFA). NIST. https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication
Oxford University Press. (n.d.). Authentication. In OED Online. Retrieved September 27, 2020, from www.oed.com/view/Entry/13323
Oxford University Press. (n.d.). Multifactor. In OED Online. Retrieved September 27, 2020, from www.oed.com/view/Entry/254366
S. Ibrokhimov, K. L. Hui, A. Abdulhakim Al-Absi, H. J. Lee and M. Sain, “Multi-Factor Authentication in Cyber Physical System: A State of Art Survey,” 2019 21st International Conference on Advanced Communication Technology (ICACT), PyeongChang Kwangwoon_Do, Korea (South), 2019, pp. 279-284, doi: 10.23919/ICACT.2019.8701960.
Smith, J.F. (2015, May 26). Cyberattack exposes I.R.S. tax returns. The New York Times. https://www.nytimes.com/2015/05/27/business/breach-exposes-irs-tax-returns.html
Tatham, M., & Honkanen, A. (2009). Mobility for Secure Multi-Factor “Out of Band” Authentication. In B. Unhelkar (Ed.), Handbook of Research in Mobile Business: Technical, Methodological, and Social Perspectives (2nd ed., pp. 388-398). Idea Group Reference. https://link-gale-com.citytech.ezproxy.cuny.edu/apps/doc/CX1809100051/GVRL?u=cuny_nytc&sid=GVRL&xid=a41ac927