What is Multi-Factor Authentication and Why You Should Use It

How secure are your passwords? If you’re like most people, not very. We prefer simple, easy-to-remember passwords, and we use the same passwords on multiple systems. When systems force us to create longer, more secure passwords, we can’t remember them unless we write them down, which defeats the purpose. Even if you’re different from most people and use a secure password, you aren’t protected. A criminal gang in Russia has a collection of more than a billion stolen user names with associated passwords. Even using a password manager doesn’t guarantee password security; one firm offering such services, LastPass, was itself hacked.

It’s become clear that keeping your systems secure requires more than a simple password, and more than even a complex password. In order to provide additional security, many applications now are implementing multi-factor authentication.

Multiple Steps to Prove You’re You

The goal of a password is to prove your identity to the system you’re trying to access. In principle, you are the only one who knows your password, so entering the correct password gives access. Because passwords aren’t really secure, though, multi-factor authentication (MFA) requires you prove your identity in more than one way. Typically, this is implemented as a two-step process, two-factor authentication (2FA).

The different steps in multi-factor authentication rely on different means of proving who you are. A password relies on you knowing something. The other steps rely on you having something (such as a token generated by a smart card you carry or a text sent to your phone) or on you being something (biometric measures such as fingerprints or retinal scans).

By requiring more than one form of proof before allowing entry, MFA makes it more difficult for an attacker to fake an identity and gain unauthorized access.

Multi-Factor Authentication in Use

Multi-factor authentication is spreading widely. Research and Markets, an industry research firm, expects spending on MFA to grow more than 17% annually through 2020, becoming a nearly $10 billion market.

Barclays PINsentry for one-time password

Most implementations use 2FA, such as use of a smart card with a pin, or a one-time password in addition to the stored password when logging into a financial website.

More sensitive systems can require as many as four or five factors for authentication, using something you know, something you have, something you are, and either where or when you’re attempting the access; for example, you may be allowed to access an application only on-site during your normal working hours.

At GRVTY, we believe multi-factor authentication should be a necessity for any user but have realized there is a critical flaw in the system that is preventing the average user from employing it. Remembering passwords has always been a problem. Now add to that myriad sites/apps we access per week. Then add the industry’s answer of adding a dongle or token to the whole convoluted process — all this to make the consumer’s data more secure while screwing the pooch on the UX.

We don’t accept that.

That’s why we built GRVTY — the easier, more secure way to login to the web. No passwords, no tokens, and absolutely no dongles. We’ve created multi-factor authentication for the modern world. Check us out at: https://grvty.io.

Follow us to join the #killthepassword movement.