Security Behaviour Database

Using multi-factor authentication

Multi-Factor Authentication (MFA) is the process of signing in to an account using two pieces of information. Normally this is a password and a unique code obtained from a phone, either via a text message or from an MFA app. MFA prevents account compromise because attackers are less likely to have access to both an account password and the MFA device.


Why is it important?

Accounts are valuable. Controlling who has access to them is important, especially within the context of organisational security.

Most accounts are protected with passwords. Passwords are an example of something you know. The issue with passwords is that they can be weak, leaked or guessed.

Multi-factor authentication (MFA) requires another piece of information: something you have or something you are. This information is harder to compromise. MFA can be set up in various ways, but all of them make an account more resilient.

Priority Tier

Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact; Tier 4 behaviours have the least.

Tier 0

Risk Mitigated

Account Compromise

Account compromise happens when unauthorised people access accounts.

Further reading

https://www.cybercc.gr/m/filer_public/2015/03/30/eurosec15.pdf
https://www.wired.com/story/two-factor-authentication-apps-authy-google-authenticator/
https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa
https://go.gale.com/ps/i.do?p=STND&u=bu_uk&id=GALE|A599697922&v=2.1&it=r&sid=STND&asid=ee245c71

SebDB is brought to you by CybSafe | © 2022 CybSafe Ltd