What is Multi-Factor Authentication and Why is it important?

Passwords alone are no longer sufficient to protect sensitive information.  Bad actors have adapted their strategies to incorporate more sophisticated tools and techniques that increase the risk that your credentials may be compromised.  From phishing attacks to password spraying to keystroke logging, your accounts and data are at more risk than ever before in our ever more connected world.     

Multi-Factor Authentication, or MFA, is one of the more effective methods of protecting yourself against credential compromise.  Though many organizations, such as banks, are still just highly encouraging their customers to embrace this fundamental security control, others are increasingly making it a requirement to access accounts and information portals that contain confidential or personal data pertaining to their users or services.  In a study conducted by Microsoft it was concluded that 99.9% of account compromise incidents examined during the period of their study would have been prevented had the organizations utilized MFA.1


There are three main types of MFA. 

  1. Something you know. This includes passwords, PINs, and combinations.  
  2. Something you have. This is a physical object, such as a key or smart card.  
  3. Something you are, otherwise known as biometric verification. This could be a fingerprint, retina scan, or voice recognition. 

Utilizing two or more of these factors when challenging someone for authentication makes it significantly more difficult for a bad actor to impersonate a user and gain unauthorized access to their data.   

The University of Richmond supports and encourages all students, faculty, and staff to utilize MFA wherever possible to protect their sensitive data.  This simple and effective control could prevent you from becoming the victim of account compromise or identity theft.   

Contact infosec@richmond.edu if you have questions or need assistance pertaining to MFA.

 

1 One simple action you can take to prevent 99.9 percent of attacks on your accounts (microsoft.com)