What Is MFA, and Why Do I Need It?

By Gabriel Castro

Keeping on top of your online security is a constant but important battle. One popular and easy technique is Multifactor Authentication (MFA), which is rising among the ranks of security best practices. You are probably wondering, “What’s the big deal about MFA? What is it, and why am I hearing about it everywhere?” We’ll answer that question by painting a familiar picture. Let’s say you want to log into a web account. What do you do? You go to the website, enter your username, and that familiar password. Then, you’re in. You can go about your business.

Hold on, though! If you’re one of the 54% of consumers who, according to TeleSign, use five or fewer passwords for all of their accounts, you could allow hackers to gain access to any number of your accounts by simply cracking one those passwords or stealing it from one of the many recent data hacks.

The good news: There’s an easy way to better protect your data. It’s called multifactor authentication (MFA) and you can take initiative to get it.


What does MFA mean?

Multifactor Authentication sounds like a complex system that the FBI or CIA might use. It’s actually very easy to understand. In general, credentials fall into one of three categories:

  • Something you know (a password, a PIN number)
  • Something you possess (a smart card, a smartphone app)
  • Something you are (your fingerprint, your face)

Up until now, you have used one type of credential to gain access into most accounts: your password. MFA is a security enhancement that, when activated, increases the requirement to two types of credentials. The key to MFA’s security enhancement is that your two credentials must come from two different categories out of the three listed above. e.g. Entering two different passwords does not count.

Learn more about activating MFA on your personal accounts


Hacker programing in technology environment with cyber icons and symbols


What’s the difference between MFA and 2FA?

The difference between MFA and 2FA (2 Factor Authentication) is very minute in terms of authentication layers and factors used, which may be considered negligible. Basically, 2FA is a subset of MFA but vice-versa is not true. Authentications involving more than one authentication layers/parameters fall under the category of MFA. As such, 2FA, 3FA, 4FA, are nothing but the sub-categories of MFA.

In short, every 2FA is a multi-factor authentication, but all multi-factor authentications are not necessarily 2FA.

In the light of the above discussion, it may be stated that the selection between 2FA and MFA (2FA and above) should be based on the scope, boundary, data sensitivity, need of securing small, medium or large-sized infrastructure and many similar factors. It should be noted that more the authentication checks we have, better will be the security, but at the same time the user should not feel tiresome/difficult in getting authenticated.

With MFA activated, over 90% of our clients have found it simple and easy to use on a regular basis. Here’s what it looks like. When you go to sign-in with your Office 365 email and password, an additional window will ask you to provide one more credential. You take 5-10 seconds to enter a special code or push a button on an app…and you’re done!



Subscribe to stay informed!

If you enjoyed reading this, we think you'll love our newsletter. Subscribe below to receive our monthly news, events, and IT resources!