Which Multi-Factor Authentication (MFA) Is The Most Secure, And Which MFA Is The Best For Users?

Which Multi-Factor Authentication (MFA) Is The Most Secure, And Which MFA Is The Best For Users?

Share this Article!

The theft of user’s login details is at an all-time high and is responsible for more data breaches than any other type of cyber-attack.

With many businesses and organisations now utilising cloud-based technology, a user’s log in details have become the easiest way for hackers to infiltrate systems and to access confidential information.

Being able to log in as an authorised user – and especially as a user that has admin privileges – can allow an unauthorised person to access all types of valuable information, from private emails to accounting to business strategy, which can be highly detrimental to both the organisation, its employees, and its customers.

A hacker can also engage in highly nefarious activities including blackmail and ransom, which can lead to the loss of thousand or even millions of dollars, and the loss of all commercial and personal credibility.

Unfortunately, these are real and present dangers in today’s online society.

As such, it is prudent for individuals and organisations to ask, how to secure and protect online accounts, information, and business operations from malicious activity?

The answer is the implementation and employment of multi-factor authentication (MFA).

MFA provides a significant online barrier to criminals and hackers, even if they have come into possession of legitimate user credentials to log into a system. That is because MFA requires a user to have access to separate log in device, which only the authorised user will be in personal possession of. These might include a laptop, mobile phone, smart phone, or tablets, which will be required to complete the full MFA authentication process.

What Are the Three Main Methods And Devices Used For MFA?

Multi-factor authentication uses three main methods and devices. There are differences with all three that make some more secure than others, and some are more convenient for the user to access as well.

Following are the three main methods which are used for MFA:

SMS Based

One form of MFA that many people will be familiar with is SMS-based.

This type of MFA uses text messaging to authenticate the user when they are trying to log in. For this process, a user will usually add their own mobile phone number when they are setting up a MFA.

Then, whenever they log into their personal account, they will receive a text message to their designated mobile number with a time-sensitive code that must be entered in the MFA process, for them to continue with their log in process.

An On-Device App Prompt

Another type of MFA uses an on-device app to provide a log in code to the user.

The user generates the MFA code when they are trying to log in, which is then received by the user through the app.

This is usually done via a push notification, and it can be accessed via a mobile app or a desktop app.

A Physical Security Key

The third most common method of MFA involves the issuing of a physical item such as a security key, that the user can insert into a PC or mobile device to authenticate their login attempt.

The key itself is obtained at the time that the MFA is set up, and it will be the item that transmits the authentication code upon user log in, and it will implement the authorisation automatically.

A MFA security key is usually smaller than a traditional thumb or USB drive, and the authorised user must be in possession of it to facilitate the MFA process when they log into a system.

Next, we will look at the differences between these three main methods used with multi-factor authentication.

What Is The Most Convenient Form of MFA?

All three methods of MFA that we have mentioned are relatively convenient and have their reasons for recommendation.

Possibly an SMS-based MFA is the most convenient, as this type of method is already in use across the general community, and most people would have encountered it before, which will mean that they are somewhat familiar with it.

And there is no additional app or interface that needs to be accessed in order to progress with the MFA process.

What Is The Most Secure Form Of MFA?

Although all three methods of MFA that we have mentioned will enhance your organisations online security, the most secure form of MFA of the three is the security key.

That is because the security key is a device that is physically separate from any device which you may use to attempt to log in to your systems with, such as a computer or mobile phone.

Also, in the unfortunate event that a computer or mobile phone were lost or stolen, it may be possible for a MFA and log in to be comprised, if the MFA process is already present and accessible on that device.

Additionally, a Google study looked at the effectiveness of the three methods of MFA that we have mentioned when restricting three different types of attacks, and it found the following:

The security key was the most secure MFA device overall, with the percentage of malicious actions blocked on:

  • SMS-based devices: between 76 – 100% malicious actions blocked.
  • An on-device app prompt: between 90 – 100% malicious actions blocked.
  • A physical security key: 100% of malicious actions blocked.

Where Does That Leave The Option For An On-Device Prompt In A Device App?

Using a multi-factor authentication application that delivers the code via a push notification is more secure than a SMS-based MFA.

And it is also more convenient than needing to carry around a separate physical security key, which can be lost or misplaced, so it is still a viable option which will help to increase your online security.

Are You Looking For Help With Setting Up MFA?

Multi-factor authentication is a “must-have” in today’s online security environment.

And we can assist you with all aspects of your online security, and help you implement a security solution that best suits your individual, company, and organisation’s needs. Contact us today and don’t leave your systems at risk for another minute.

Share this Article!