Vane3alga

Business
Focused
Technology

Multi-Factor Authentication

IT360
IT360

By Cybersecurity & Infrastructure Security Agency

OVERVIEW

Multi-factor authentication (MFA) is a layered approach to securing physical and logical access where a system requires a user to present a combination of two or more different authenticators to verify a user’s identity for login. MFA increases security because even if one authenticator becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space or computer system.

WHY IS MFA IMPORTANT?

Implementing MFA makes it more difficult for a threat actor to gain access to business premises and information systems, such as remote access technology, email, and billing systems, even if passwords or PINs are compromised through phishing attacks or other means.

Adversaries are increasingly capable of guessing or harvesting passwords to gain illicit access. Password cracking techniques are becoming more sophisticated and high-powered computing is increasingly affordable. In addition, adversaries harvest credentials through phishing emails or by identifying passwords reused from other systems. MFA adds a strong protection against account takeover by greatly increasing the level of difficulty for adversaries.

HOW DOES MFA WORK?

MFA requires users to present two or more authentication factors at login to verify their identity before they are granted access. Each additional authentication factor added to the login process increases security. A typical MFA login would require the user to present some combination of the following:

For example, MFA could require users to insert a smart card or a bank card into a card reader (first factor) and then enter a password or a PIN (second factor). An unauthorized user in possession of the card would not be able to log in without also knowing the password; likewise, the password is useless without physical access to the card.

Consider enforcing MFA on Internet-facing systems, such as email, remote desktop, and Virtual Private Network (VPNs). Implementation schedules, costs, adoption willingness, and the degree of protection provided vary depending on the solutions selected and the platforms to be protected, so match the capability to the need.

If you have questions or suggestions regarding this product, please feel free to contact CISA Central at central@cisa.gov and reference the Multi-factor Authentication document in the subject line.

Success Stories

Principal Owner, Marketing Firm

Bringing IT360 on as our technology services “department” was one of the smartest business decisions we’ve made. Over the years, we’ve tried various similar services and have also hired internal IT staff, and we’ve never felt confident that we were adequately supported. IT360 has changed all that. They not only provide proactive, comprehensive technical support and consulting, they engage with us in a way that feels like they are part of our company…a true business partner.

Principal Owner, Marketing Firm

Recent
Technology News

IT360 News
Summer Travel = Cyber Risk

How to stay secure on the go with it360 As summer kicks into full gear, many professionals find themselves working from new locations—whether it’s a vacation rental, a hotel lobby, or the occasional airport gate. While flexible work environments can boost morale and productivity, they also introduce a new wave of cybersecurity risks. We want […]

Read more
IT360 News
Halfway Through 2025: Is Your Tech Strategy on Track?

A mid-year check-in from it360 As we reach the midpoint of 2025, it’s a great time to pause and reflect: is your current IT strategy truly supporting your business goals? We encourage you to use this moment as a strategic checkpoint—to assess performance, identify gaps, and plan with purpose for the second half of the […]

Read more