A Quick Guide to Multi-Factor Authentication (MFA)

by | Feb 9, 2022

Multi-factor authentication (MFA) has rapidly become an essential component of cybersecurity. After the President signed an Executive Order late last year, Cyber Insurance plans in the US will require its usage. This is becoming a standard across other industries too. A recent report by the Identity Theft Resource Center shows data breaches have risen a record-high 68 percent in 2021.

The coronavirus (COVID-19) has increased the size of the digital workforce, which has made online risks even more prevalent. Complex passwords have historically been enough to protect users. However, Microsoft revealed they have over 300 million fraudulent sign-in attempts per day. They also claimed that 99.9% of account compromise attacks can be blocked with multi-factor authentication.

Table of Contents

What Is Multi-factor Authentication (MFA)?

Multi-Factor Authentication, called MFA for short, is a two or more-step process to verify your identity. This is done by presenting at least two types of factors, such as a password and a time-limited passcode. The more factors used, the better the security.

How Many Types of MFA Factors Are There?

There are five types of factors:

  • Knowledge: Something you know, like a password.
  • Possession: Something you have, such as a passcode received via text.
  • Inherence: Something you are, which can include physical features.
  • Location: Somewhere you are, like connecting to a Wi-Fi network.
  • Behavior: Something you do, such as device usage habits.

Knowledge, possession, and inherence are the three most used factors. Location and behavior are less common but have continued to make advances. Some services have combined location and behavior into one entity: adaptive authentication. It uses artificial intelligence (AI) to assess risk through many observed factors.

What Are Some Examples of MFA?

There are many examples of MFA. It combines two or more types of authentication factors, which can include:

  • Login with a username and password.
  • Entering a PIN.
  • Answering security questions.
  • Inputting a time-limited passcode received via text, phone, or app.
  • Getting a fingerprint scan.
  • Swiping a security card.

Login information, using a PIN, and security questions all act as knowledge factors. Time-limited passcodes, fingerprint scans, and security cards are possession factors. Through partners like Duo Security, it’s recommended to include at least one possession factor, which can be combined with other factors.

Why Is MFA Important?

MFA is important because it increases the safety of your data by making it more difficult for outsiders to access. Online threats are becoming more sophisticated.  Rather than relying on one authentication method, it provides multiple layers of protection.

Is MFA Effective?

MFA is an effective and fast way to improve the cybersecurity of your data, whether it’s for school, work, or personal use. By using more than a password, you can prevent most hack attempts. It’s considered the single easiest way to improve account security.

Attacks will commonly target usernames and passwords. They rarely factor in a secondary form of security. There are many ways that hackers can take advantage of security holes, but passwords are the most common source of problems. By adding additional ways to validate the user’s identity, a stolen password becomes less of a concern.

How Do You Set MFA Up?

When creating an account, you may only need to submit one form of authentication, such as a username and password. Adding a second form of validation will depend on the account and the provider. You’ll frequently find options within your security settings.

If you’re having difficulty setting it up, check the FAQ associated with your account, or contact your local administrator. Third-party services like ITonDemand can also assist with MFA and other cybersecurity solutions.

Is MFA Optional?

For US-based users that have Cyber Insurance, it will now be mandatory. It may not be required for those without insurance, but setting it up proactively will still decrease the chance of a security incident. It’s treated as essential even when it’s not legally enforced.


People often hesitate to embrace newer forms of technology and security. Authentication is no exception. A 2020 research study by CoreView Research reported that 97% of Microsoft 365 users don’t use multi-factor authentication. Meanwhile, 78% of Microsoft 365 administrators don’t have MFA enabled. While these numbers have likely improved, it shows that users and administrators alike have been slow to adopt it.

Considering the high risk of accounts that don’t have MFA, it’s not surprising that mandates would be utilized to increase the usage rate. It’s one of the quickest and easiest ways to add a proven layer of security. For keeping your data secure, it’s better to be proactive than reactive. Once it has been stolen, there is no way to take it back.

Get IT Support