What is multi-factor authentication

Multi-factor authentication (MFA) is a security method that requires users to provide at least two authentication factors (i.e. login credentials) to prove their identity and gain access to a facility.
The purpose of MFA is to restrict unauthorized users from entering a facility by adding an additional layer of authentication to the access control process. MFA enables businesses to monitor and help protect their most vulnerable information and networks. A good MFA strategy aims to strike a balance between user experience and increased workplace security.

MFA uses two or more separate forms of authentication, including:

- what the user knows (password and passcode)
- what the user has (access card, passcode and mobile device)
- what is the user (biometrics)

Benefits of Multi-Factor Authentication

MFA brings several benefits to users, including stronger security and meeting compliance standards.

A more secure form than two-factor authentication

Two-factor authentication (2FA) is a subset of MFA that requires users to enter only two factors to verify their identity. For example, a combination of a password and a hardware or software token is sufficient to gain access to a facility when using 2FA. MFA using more than two tokens makes access more secure.

Meet compliance standards

Several state and federal laws require businesses to use MFA to meet compliance standards. MFA is mandatory for high-security buildings such as data centers, medical centers, power utilities, financial institutions, and government agencies.

Reduce business loss and operating costs

Lost business costs are attributed to factors such as business interruption, lost customers, and lost revenue. Since the implementation of MFA helps businesses avoid physical security compromises, the chances of business disruption and customer loss (which can result in lost business costs) are greatly reduced. Additionally, MFA reduces the need for organizations to hire security guards and install additional physical barriers at each access point. This results in lower operating costs.

Adaptive Multi-Factor Authentication Credentials in Access Control
Adaptive MFA is an approach to access control that uses contextual factors such as day of the week, time of day, risk profile of the user, location, multiple login attempts, consecutive failed logins, and more to determine which authentication factor.

Some Security Factors

Security administrators can choose a combination of two or more security factors. Below are a few examples of such keys.

Mobile Credentials

Mobile access control is one of the most convenient and safest access control methods for enterprises. It enables employees and visitors of businesses to use their mobile phones to open doors.
Security administrators can enable MFA for their properties using mobile credentials. For example, they might configure an access control system in such a way that employees should first use their mobile credentials and then participate in an automated phone call received on their mobile device to answer a few security questions.

Biometrics

Many businesses are using biometric access controls to restrict unauthorized users from entering building premises. The most popular biometrics are fingerprints, facial recognition, retinal scans and palm prints.
Security administrators can enable MFA using a combination of biometrics and other credentials. For example, an access reader can be configured so that the user first scans a fingerprint and then enters the OTP received as a text message (SMS) on the keypad reader to access the facility.

Radio Frequency Identification

RFID technology uses radio waves to communicate between a chip embedded in an RFID tag and an RFID reader. The controller verifies the RFID tags using its database and grants or denies users access to the facility. Security administrators can use RFID tags when setting up MFA for their enterprise. For example, they can configure access control systems so that users first present their RFID cards, and then verify their identity through facial recognition technology to gain access to resources.

The role of card readers in MFA

Businesses use different types of card readers depending on their security needs, including proximity readers, keypad readers, biometric readers, and more.

To enable MFA, you can combine two or more access control readers.

At level 1, you can place a keypad reader so that the user can enter their password and go to the next level of security.
At level 2, you can place a biometric fingerprint scanner where users can authenticate themselves by scanning their fingerprints.
At level 3, you can place a facial recognition reader where users can authenticate themselves by scanning their face.
This three-level access policy facilitates MFA and restricts unauthorized users from entering the facility, even if they steal authorized users' personal identification numbers (PINs).