What is Multi Factor Authentication (MFA)?
MFA is an identity verification system in which a user provides two or more independent factors, in addition to a username, to be authenticated and gain access to accounts, applications or secure networks.

MFA has become a core component in protecting organizations against cyber attacks.
What are the different types of factors in Multi Factor Authentication (MFA)?
Factors are typically categorized as one of the following: something you know, something you have, or something you are.
  1. Something you know, such as a password or PIN.
  2. Something you have, such as a token, fob or smartphone.
  3. Something you are, such as a biometric like a fingerprint, retina scan or facial recognition.
Traditional authentication looks at one factor to verify your identity, usually a password. But one factor isn’t enough to stop malicious actors. Multi-factor authentication (MFA) uses two or more unique factors to verify your identity, providing an essential barrier against threat actors hacking into accounts, breaching systems, and generally causing severe damage to your enterprise.
How does Multi Factor Authentication (MFA) work?
As users attempt to gain access to organizational resources, they are prompted to provide multiple authentication factors instead of only one. From there, the users' credentials are verified by the identity provider (IdP) or directory services platform. Once authenticated through the IdP or directory services platform, users are granted access to the resource.
What are the strongest forms of Multi Factor Authentication (MFA)?
Not all authentication methods are built the same, which can affect the strength of an MFA system. SMS TOTPs (time-based one-time passcodes) can be intercepted with the right effort (see SIM-swapping), while QR TOTPs are much harder for threat actors to steal. Physical security keys avoid issues with remote threat actors, but might be inconvenient for those of us who frequently forget where we set down our things.

Acceptto has designed a new authentication approach that is both frictionless and highly secure. We use behavioral modeling that doesn’t rely on binary factors, instead employing a cognitive continuous authentication which not only offers a password-less authentication mechanism but handles post-authorization anomaly detection as well.

Why? Simple: It’s not just about the entry to the system, but what a threat actor does once they pass the perimeter. All the evil stuff takes place post-authorization. Check out our MFA eBook here for a breakdown of individual methods and their respective strengths and weaknesses.
What are security leaders saying about access and authentication?
The majority of security leaders agree that identity and access management has become more challenging and requires more IT resources to address. As security leaders look to better address account takeovers, 74% agree that relying on passwords and traditional two-factor authentication (2FA) is not enough. Due to the inadequacy of one-time authorization methods - like passwords and 2FA - security executives agree that intelligent MFA would help them better protect company resources. A lack of insight after initial authentication is becoming a greater concern for most security leaders. Traditional MFA solutions and passwords are proving to not be enough. Learn more about what security leaders are saying by downloading this survey.
Why are usernames and passwords not enough for authentication?
Passwords alone are not a sufficient way to protect resources, even if they are strong. Case in point, “strength” means different things, and is measured variably, by different services.

Hackers can steal our passwords and we won't know until it's too late. They can delete your account, acquire confidential information, and create new fake accounts on the platform. By doing so, they acquire a base from which subsequent malicious action can be launched and multiplied. Multi-factor identity authentication is an easy and effective way to address this problem.

The pervasiveness of password stuffing, brute-force and other similar attacks shows that password length is no longer a deterrent. Instead, enterprises should enable their privileged employees and client/consumer accounts to use solutions that deliver the highest level of security and privacy throughout the lifecycle of their access management.

That solution is continuous authentication and, in the long term, a passwordless solution as well. The combination of both traits eliminates the threat of password breach completely.

Solutions that include pre-authorization intelligence, context-aware risk-based authentication, and most importantly, post-authorization behavioral-based continuous authentication, are critical to emerging as the victor in upcoming cyber battles. It’s not a question of using “strong” passwords over “weak” ones (the parameters of which are themselves constantly shifting goalposts). It’s rather about recognizing that “all your passwords are compromised, you just do not know about it; even those passwords you have not yet created...” (Acceptto FEDID 2017).

Once you come to grips with the concept of “total compromise”, you are empowered to employ a platform that offers solutions that are resilient to “total compromise”. The reliance on binary authentication methods such as passwords, even in coordination with 2FA and MFA solutions, makes phishing attacks a matter of “when,” not “if”.
What is Intelligent Multi Factor Authentication (MFA)?
Intelligent MFA is a continuous authentication solution that includes pre-authorization intelligence, context-aware risk-based authentication, and most importantly, post-authorization behavioral-based continuous authentication. It’s not a question of using “strong” passwords over “weak” ones (the parameters of which are themselves constantly shifting goalposts). It’s rather about recognizing that “all your passwords are compromised, you just do not know about it; even those passwords you have not yet created...” (Acceptto FEDID 2017).

Once you come to grips with the concept of “total compromise”, you are empowered to employ a platform that offers solutions that are resilient to “total compromise”. The reliance on binary authentication methods such as passwords, even in coordination with 2FA and MFA solutions, makes phishing attacks a matter of “when,” not “if”.
How does Intelligent MFA work?
The best authentication approach is novel behavioral modeling that doesn’t rely on binary factors, instead employing a cognitive continuous authentication which not only offers a password-less authentication mechanism but handles post-authorization anomaly detection as well.

Why? Simple: It’s not just about the entry to the system, but what a threat actor does once they pass the perimeter. All the evil stuff takes place post-authorization.
What is Passwordless Authentication?
Passwordless means exactly what it sounds like. It’s a radical shift away from using highly hackable character-comprised keys to grant access to privileged resources. It uses a myriad of more secure factors to bypass passwords and the massive security dilemma they present.
How does Passwordless Authentication work?
Passwordless Authentication uses a myriad of factors such as ( examples) to secure and verify access to applications, networks and accounts. These alternative authorization factors take the place of passwords, eliminating the need for any further use of passwords. Leveraging Artificial Intelligence and Machine Learning to capture the behaviors and patterns of users allows you to ditch passwords and rely on more secure factors that are difficult (if not impossible) to replicate to guarantee your users are who they say they are.
What is the difference between Behavioral and Fingerprint Authentication?
Fingerprint Authentication is a form of Biometric Authentication that verifies a user's identity based on their fingerprint(s). Fingerprint authentication has been employed for years to identify digital users, for protection in financial services and for identification in the criminal justice system. Biometric authentication has proven to not be as secure as it once was, and is now easy to mimic and replicate.

Behavioral Authentication is based on patterns derived from human behaviors, to create a stronger and more reliable verification system. It uses users' discrete habits, devices and significant events collectively to model behavior while also continuously monitoring the surrounding environment. By leveraging a unique representation of human behavior, organizations are able to precisely identify users, making it extremely hard for hackers to mimic and even harder to clean their trails from interfering with actual legitimate data.
Top 5 things to consider when evaluating MFA vendors?
When evaluating MFA vendors, choose a vendor that:
  1. Supports both Identity Access Management (IAM) and Customer Identity Access Management (CIAM) needs
  2. Is offered on-premise, cloud or hybrid
  3. Covers all three vectors of mobile, web and workstations
  4. Allows for interoperability, that is, the exchange and use of information between systems or software
  5. Provides transparent costs
How does Acceptto’s Intelligent MFA work?
Consider this: your login credentials have already been compromised. Your passwords have been hacked, regardless of how intricately and uniquely you’ve devised them. Two-factor authentication is temporal, produces friction and fatigue, and can be easily intercepted during transmission. Current multi-factor authentication (MFA) security solutions lack context and rely on too few attributes. Even your biometrics can be reduced to a few binary traits; while a fingerprint or retina scan appears to be distinctive and safe, it too can be spoofed with ease. There are few, if any, solutions that continuously validate your identity post-authorization.

Acceptto is built on the premise that your credentials—current, past, or even in the making—have already been compromised. Your identity and its sanctity cannot be simply reduced to a password, one-time token or solely biometrics. Rather, your unique immutable identity is a combination of your digital DNA and behavior.

Acceptto secures all your devices, enterprise applications, and credentials, to you. We deliver Passwordless Continuous Authentication with real-time threat analytics in an age when your identity is persistently attacked.

Acceptto offers a unified web, mobile, workstation and call center continuous authentication solution that completely eliminates the risk of passwords, binary 2FA and other forms of MFA including biometrics. It does all of this while mining the enterprise data lake to look for signs of abnormal behavior throughout the user session.

Authentication is not a single event with a start and end, nor is it a simple binary of “yes” or “no”. It is a continuum. Acceptto protects every gradation in that continuum.

Our solution eliminates the risk associated with reliance on vulnerable binary authentications such as passwords and high friction two-/multi-factor authentication (2FA/MFA) by responding to the need for continuous authentication on the market.