Guide to Digital Identity — Part 3 (2FA or MFA)
2FA or MFA (Two or Multi-Factor Authentication)
The two-factor (2FA) or multi-factor authentication (MFA) method uses two or more factors to authenticate a user. It is considered more secure than the conventional single-factor authentication method described in the previous article (Guide to Digital Identity — Part 2).
In the digital age, much of our lives happens on laptops and mobile devices, and cybercriminals routinely target our online accounts. 2FA or MFA adds an extra layer of protection on top of the password, making the authentication process more secure and raising the cost of account-takeover attacks.
Two authentication methods, step-up and adaptive authentication, both use 2FA or MFA. Let’s start by talking about them.
Step-Up Authentication: This method significantly lowers the risk of an attacker gaining access to your online accounts. During login, the user is asked to authenticate themselves with the following factors in sequence:
- First, authenticate with something you know (a password).
- Then, authenticate with a second factor: something you have (a mobile phone or security key) or something you are (biometrics).
For example, a banking portal requires you to provide a user ID and password, and then to enter the OTP received on your registered mobile number. In this case, the OTP sent to your mobile number serves as the second authentication factor. Any other 2FA factor (such as an authenticator app or a hardware security key) can be used in place of the OTP via SMS.
Adaptive Authentication: This method significantly reduces the risk of fraud when unusual account activity is detected. It asks an already logged-in user to authenticate themselves again, based on a configured risk profile or on a deviation from the user's usual pattern of using the application. It uses something you have or something you are as the additional authentication factor.
For example, an e-commerce application might require a logged-in user to authenticate themselves again in the following scenarios:
- Multiple consecutive unsuccessful transaction requests (risk profile).
- Creation of a bulk order of considerable value (unusual account activity, i.e., the user has never placed a bulk order before).
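The two e-commerce scenarios above turned into a small risk-evaluation step, as an added example that is not part of the original article: each transaction request is scored against the user's own history (largest past order, number of recent failures) and a configured risk policy, and the application asks for re-authentication only when a signal fires. The thresholds and the user baseline are constructed assumptions for the demo, not values from any real product.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class UserHistory:
    """Per-user baseline a real system would derive from past orders (constructed here)."""
    max_past_order_amount: float
    max_past_order_items: int
    consecutive_failed_transactions: int = 0


@dataclass
class TransactionRequest:
    amount: float
    item_count: int


@dataclass
class RiskPolicy:
    """Configured risk profile (hypothetical thresholds)."""
    max_failed_before_step_up: int = 3   # consecutive failures that trigger re-auth
    amount_multiplier: float = 3.0       # order worth > 3x the user's largest past order
    items_multiplier: float = 5.0        # bulk: > 5x the user's largest past item count


def evaluate(history: UserHistory, req: TransactionRequest,
             policy: Optional[RiskPolicy] = None) -> List[str]:
    """Return the risk signals triggered by this request; an empty list means no step-up."""
    policy = policy or RiskPolicy()
    signals: List[str] = []
    if history.consecutive_failed_transactions >= policy.max_failed_before_step_up:
        signals.append("repeated_failed_transactions")
    # max(..., 1) keeps a brand-new user from getting a zero baseline that nothing exceeds.
    if req.amount > policy.amount_multiplier * max(history.max_past_order_amount, 1.0):
        signals.append("unusual_order_amount")
    if req.item_count > policy.items_multiplier * max(history.max_past_order_items, 1):
        signals.append("bulk_order_unusual_for_user")
    return signals


def requires_step_up(history: UserHistory, req: TransactionRequest,
                     policy: Optional[RiskPolicy] = None) -> bool:
    """Adaptive decision: re-authenticate with a second factor only when a signal fired."""
    return bool(evaluate(history, req, policy))


def record_transaction_result(history: UserHistory, req: TransactionRequest, success: bool) -> None:
    """Update the baseline after the transaction; successes reset the failure counter."""
    if success:
        history.consecutive_failed_transactions = 0
        history.max_past_order_amount = max(history.max_past_order_amount, req.amount)
        history.max_past_order_items = max(history.max_past_order_items, req.item_count)
    else:
        history.consecutive_failed_transactions += 1
```

Returning the list of signals rather than a bare boolean lets the application log why it challenged the user, which is what an analyst needs when tuning the thresholds or investigating a fraud report.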