2.5.2. π‘ First Principle: Multi-Factor Authentication (MFA)
First Principle: Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more forms of verification to prove their identity. Its core purpose is to add a critical second layer of security to user sign-ins, significantly reducing the risk of unauthorized access from compromised credentials.
What It Is: A method of authentication that requires the use of more than one verification method and adds a critical second layer of security to user sign-ins and transactions.
How It Works: MFA works by requiring two or more of the following authentication methods:
- Something you know (typically a password).
- Something you have (a trusted device that is not easily duplicated, like a phone or hardware key).
- Something you are (biometrics like a fingerprint or face scan).
Scenario: A company is concerned about the security risk of employees using simple or reused passwords. They want to implement a stronger security measure to protect access to their corporate applications, even if a user's password is stolen.
Reflection Question: How does enabling MFA for all users significantly improve the company's security posture against common attacks like phishing and password spraying?
π‘ Tip: MFA is one of the most effective ways to increase the security of your accounts. Microsoft states that it can block over 99.9% of account compromise attacks.
