The Plain English Guide to: Multi-Factor Authentication


Executive Summary

  • Multi-Factor Authentication is a method of authenticating a user by requiring at least one additional form of identification on top of a password – usually taking an action on a smartphone.
  • In this Plain English guide, we’ll find out exactly what Multi-Factor Authentication (MFA) is and why you might want to use it – as both a business and personal user.


Remember the days when a simple password was all it took to keep you safe online?

Back then, you could simply tap in ‘letmein’ or ‘opensesame’ and boom – you’re into your Yahoo! Mail account and searching the web on AltaVista with reckless abandon. But in 2020? Things have changed a lot.

Not only has the way we use the internet evolved, and really become central to our lives, but cyberattacks have also become far more sophisticated. Add these factors together and you’ve got the perfect recipe for data disaster.

Thankfully, just as cyberattacks have evolved, so too have the methods businesses can use to thwart them.

We’ve covered a lot of these factors in our in-depth IT security checklist series, but in this Plain English Guide, we’re going to zero in on one specific aspect of cybersecurity: Multi-Factor Authentication, or MFA.

What is Multi-Factor Authentication?

Multi-Factor Authentication, or MFA, is a computer authentication method which requires the user to provide at least two forms of identification – one of which is usually a conventional password.

Think of MFA like a particularly strict bouncer who demands to see not only your passport, but your driving licence too (and maybe even a utility bill for good measure). You might also have heard of Two-Factor Authentication, or 2FA, which is a form of MFA which requires just two forms of identification, such as a password and a smartphone.

How Multi-Factor Authentication works

The concept of MFA hinges on a person’s ability to provide multiple forms of identification and, by extension, an attacker’s inability to provide this.

As the name suggests, these forms of identification are known as ‘factors’. If one or more of these factors are either wrong or incorrectly entered, access is denied.

So, what can be used to prove you are who you say you are? Here are the most common forms of identification used in MFA:

  • Knowledge Factors, also referred to as something you know, include conventional passwords or the answers to secret questions like the all-time classic, What is your mother’s maiden name?
  • Inherent Factors, also known as something you are, include biometric authentication methods such as fingerprint scanners or Apple’s Face ID. These factors are actually the most secure options, as they can confirm a user’s identity in a direct way.
  • Possession Factors, or something you have, are perhaps the most common form of authentication. Heck, even the oldest key for the oldest lock from the oldest building in the world technically falls into this category. These days, however, you’ll usually see possession factors take the form of a smartphone app push notification, physical security token, or a one-time passcode sent via text message.

3 excellent reasons to enable multi-factor authentication today

If you use any digital services, there’s a good chance you already use Multi-Factor Authentication for at least some of your daily life.

But why should you take the time to enable it across the board, and especially for your business activities?

Here are three great reasons why.

#1: Without MFA, your business is only as secure as your team’s weakest password

It doesn’t matter how much time, money, and resources you pour into your IT security systems – all it takes is one person to use a weak password and it all falls apart. With brute force attacks still happening with regularity, passwords just aren’t enough.

By enabling MFA and using a process such as a password plus one-time passcode, you’ll be far more protected against various forms of cyberattack.

#2: MFA provides an extra layer of security across all of your business-critical apps

The use of productivity suites like Microsoft 365 (Teams, Office, OneDrive, etc.) is becoming more widespread in 2020, and MFA can make these tools far more efficient and secure.

Whereas in the past each of these apps was either entirely unprotected, or only protected with a basic password, the use of MFA means that all of your business-critical apps – and all of the files they host – have an extra layer of protection.

This way, even if an attacker were to get their hands on one of your user passwords, they still wouldn’t be able to log in to Microsoft Teams, for example, without also somehow stealing the user’s smartphone.

#3: It’s easy to set up and usable by (almost) everybody

As the technology behind MFA has evolved, it’s become far less of an inconvenience to take the extra step when logging in.

In fact, we’re at a point now where you can use Multi-Factor Authentication to access business-critical data and apps even if you don’t have a smartphone.

Take Microsoft 365, for example. To use an MFA-secured login to Microsoft 365, users are able to choose from:

  • An SMS text message sent to a mobile phone of any kind.
  • A phone call whereby you simply press the # key to confirm your identity.
  • Use of the Microsoft Authenticator smartphone app.

With options like these, and the growing adoption of biometrics (which are almost fool-proof in their confirmation of identity), it’s easy to see why MFA is becoming so widespread.

Want more expert IT advice to stay safer online? Talk to Get Support

With cyberattacks on the rise, there’s never been a better time to make sure your company’s IT security is up to scratch.

Enabling Multi-Factor Authentication is a great start, and if you hold a Microsoft 365 license, you can do exactly that right now.

If you’re not sure how to get things set up, or you still need a Microsoft 365 subscription perfectly suited to your business, just get in touch with Get Support today on 01865 59 4000 and we’ll point you in the right direction.
