November 9, 2020 | Veratad Blog | Category: Two-Factor Authentication
MFA vs. 2FA vs. 3FA vs. Smart 2FA: What’s the Difference?
User authentication technology comes in many forms. And with so many acronyms – 2FA, 3FA, MFA, Smart 2FA℠ – it can be easy to mix them up. In this post, we review the most prevalent authentication technologies and the benefits each solution provides.
It’s no secret that authenticating users with only a username and password is not secure. Hackers and bad actors can use brute force attacks and other methods to take over accounts secured with only a single authentication factor. This puts identity data, financial assets and more at risk.
Businesses concerned about security often layer additional authentication factors onto their existing password authentication. This extra step makes accounts more secure – ideally, with a minimal impact on the user experience.
Several types of solutions address this problem, and each has its benefits, applications and shortcomings. The four most common are MFA, 2FA, 3FA and Smart 2FA.
Multi-Factor Authentication, or “MFA”
Multi-factor authentication is any technology that uses more than one factor to authenticate a user. There are four possible factors:
- What you know – a password
- What you have – possession of a device
- What you are – biometrics
- Where you are – location data
A multi-factor solution will use any combination of these factors. This allows businesses to configure the solution in a number of ways. You could select two, three or four factors to require. Or you could require a password and let the user select their additional authentication factor from a list of possibilities.
In many ways, multi-factor authentication is both a type of solution and an umbrella term. Every square is a rectangle but not every rectangle is a square. In the same way, every authentication method here is technically MFA, but some are specialized variants.
Two-Factor Authentication, or “2FA”
2FA, short for two-factor authentication, requires users to provide two pieces of evidence that they are who they say they are. A solution is only considered 2FA if it uses both a password and possession of a device.
After the user enters their password during login, the authentication service sends a message – often via SMS – to their device. Users then use the device as a soft token that unlocks access.
By adding a second layer of authentication to login, 2FA makes systems, accounts and IT infrastructure more secure from account takeovers and fraudulent actors.
In recent years, many consumers have become familiar with 2FA, as most leading technology companies and device manufacturers use the method.
But businesses of any size can benefit from 2FA. Enterprise software providers, fintech companies and even eCommerce businesses all benefit from the balance of security and user experience that 2FA provides.
While 2FA is a powerful tool for account access control, it can’t solve all of your identity problems on its own. Traditional 2FA doesn’t verify identity – just knowledge of a password and possession of a device. This means you can’t use it to establish trust with the user during onboarding.
2FA also isn’t invulnerable. Fraudulent actors can circumvent 2FA by obtaining physical or remote access to a user’s device.
To address these shortcomings, identity verification providers have created new technologies that expand upon the benefits of 2FA.
Three-Factor Authentication, or “3FA”
3FA builds on 2FA by adding an extra method of authentication. Usually, the third factor is “something you are,” meaning biometrics. If you’ve ever used your fingerprint or scanned your face to log into a device, you’re familiar with this process.
Businesses requiring high degrees of security use 3FA because the additional biometric factor makes the authentication more secure.
However, for 3FA – or any authentication – to be effective, the solution provider has to configure it properly. Hackers can sometimes defeat faulty facial recognition technology by simply holding up a picture. To ensure 3FA is effective, more advanced systems will use liveness checks to discern between pictures and actual users.
When well deployed, 3FA is a useful tool for securing access control. But, like 2FA, it’s not suited for the customer onboarding process. The added biometrics factor doesn’t help businesses combat fraud, money laundering, terrorist financing, chargebacks, underage signups and other challenges.
So far, we’ve reviewed a number of types of authentication technology and how you can use them to make your systems more secure. However, they all have one limitation in common: you can’t reliably use them to onboard customers.
Multi-factor authentication ensures that a user you trust is the one trying to access the account. But how can you develop that trust in the first place?
Veratad’s newest solution, called Smart 2FA, remedies this problem. Smart 2FA effectively introduces 2FA to the onboarding process by combining it with identity verification. This provides the highest-level surety that the person is who they say they are.
Smart 2FA introduces two new authentication factors:
- What You Own – ownership of the device
- Who You Are – verifying identity through data
Identity and phone records are incredibly difficult to impersonate. This makes Smart 2FA a secure form of user authentication.
Here’s how Smart 2FA works:
First, the technology conducts an identity check of the user using trusted identity databases and information supplied by the user during onboarding. This allows you to verify identity and identify risk of criminal activities.
Then, the solution provider uses this data to verify that the phone number of the device belongs to the user.
From there, the technology runs the user through the standard 2FA process.
The combination of these factors allows you to verify and authenticate a user at the highest confidence levels. With Smart 2FA, you can be sure that:
- The person exists
- The phone number is real
- The phone number is registered to that person
- The person has possession of the device
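The onboarding sequence described above (identity check, then phone ownership check, then standard 2FA) can be enforced as a small state machine so the one-time code is never issued before the earlier checks pass. This is an added example, not Veratad's code or API: the `Onboarding` class, the record layout, the five-minute expiry and the three-attempt limit are all assumptions, and the sample records are constructed.

```python
import hashlib, hmac, secrets, time

# Constructed sample records standing in for the identity and phone data sources.
IDENTITY_DB = {("Ana Ruiz", "1990-04-12"): {"risk_flag": False}}
PHONE_RECORDS = {"+12025550143": ("Ana Ruiz", "1990-04-12")}
OTP_TTL_SECONDS, MAX_ATTEMPTS = 300, 3  # assumed policy values

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class Onboarding:
    """Hypothetical gate enforcing: identity check -> phone ownership -> 2FA."""
    def __init__(self, name, dob, phone):
        self.person, self.phone, self.state = (name, dob), phone, "new"
        self._otp, self._expires, self._attempts = None, 0.0, 0

    def check_identity(self):
        record = IDENTITY_DB.get(self.person)
        if self.state == "new" and record and not record["risk_flag"]:
            self.state = "identity_ok"
            return True
        return False

    def check_phone_ownership(self):
        # Only runs after identity passed; the number must be registered to that person.
        if self.state == "identity_ok" and PHONE_RECORDS.get(self.phone) == self.person:
            self.state = "phone_ok"
            return True
        return False

    def send_otp(self, now=None):
        if self.state != "phone_ok":
            raise PermissionError("2FA challenge requested before identity and phone checks")
        code = f"{secrets.randbelow(10**6):06d}"
        self._otp, self._attempts = _digest(code), 0
        self._expires = (time.time() if now is None else now) + OTP_TTL_SECONDS
        return code  # a real service hands this to the SMS gateway, never to the caller

    def verify_otp(self, code, now=None):
        if self._otp is None:
            return False
        self._attempts += 1
        now = time.time() if now is None else now
        if self._attempts > MAX_ATTEMPTS or now > self._expires:
            self._otp = None  # burn the code on expiry or too many guesses
            return False
        if hmac.compare_digest(_digest(code), self._otp):
            self._otp, self.state = None, "verified"
            return True
        return False
```

Storing only a digest of the code, comparing it in constant time and burning it after expiry or repeated failures limits what a guessing attacker or a leaked session store can yield.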
Overall, Smart 2FA provides a unique combination of user experience and surety. It’s also easy to deploy with one API and one vendor. This raises the bar of system security without bothering the user with more friction.
For businesses looking to authenticate their users, the differences between authentication solutions can be confusing. By understanding the benefits and limitations of each technology, you’ll be able to find an authentication solution that’s right for your business.