What is MFA?

MFA is an acronym for Multi-Factor Authentication. It is the term people in the IT world use to describe the process of a computer checking your identity in more than one way before it lets you into your account.

The terms are however important to understand, as they help you to better understand how MFA works and why it’s important.

A deeper look at what MFA means

You might be sitting there thinking that you know exactly what ‘multi-factor’ means. You could well be right, so let’s skip defining what ‘multi’ means. Just to be thorough, and because we are going to talk about factors in a bit more detail, let’s take a look at what ‘factor’ means in IT semantics.

A ‘factor’, in the context of authentication, is a way of defining your identity. The password you type into an account to log-in is one factor through which a computer confirms you are you. It is the most common factor used. Confirmation of the password grants you access into your account. The computer has authenticated your identity through the combination of your username and password matching. This is the ‘authentication’ process.

With MFA, you use more than one factor to confirm your identity alongside your username. MFA uses a combination of three factors to confirm your identity, all of which are interlinked and about you, so you will know them.

Three factors

By using all or a combination of options from these three different key factors, MFA provides a more robust protection system for your data.

1: Know

This is the password, pin, security question or other form of identification that you are most likely already familiar with and using to access your online accounts.

If you want to manage this and save some brain space, we recommend using a password manager to keep your passwords safe.  

2: Have

This is something that is in your possession and that you directly link to your online account. It will most likely be the device that you log-in on or something that you are given by a business to use as part of a multi-factor authentication process.

3: Are

This is you, something that physically defines who you are. This includes a fingerprint, retinal scan or facial recognition, all of which are intrinsic to you. You don’t have anything to remember and many of us are already using this form of authentication every day as part of our internal phone security.

That sounds unnecessary

You may now be wondering why on earth you would put yourself through the stress of trying to remember more. For every account you have using more than just a password to log-in may feel daunting. The prospect of taking more time to log-in and taking-up more brain space to remember extra steps which you worry you might forget is perhaps the reason you don’t think MFA is the best-fit for your business. If you’re thinking it isn’t for you right now, you need to read on.

It is for you. MFA is necessary. It’s also really easy to do.

3 Statistics about the impact MFA

1: MFA has been found to block 99.9% of automated cyber-attacks in 2023 according to statistics.

2: Weak or stolen passwords account for 80% of cyber breaches. MFA adds layers of security to your password so one weak or stolen password will not give access to accounts.

3: 67% of  customers in the UK believe that companies who use MFA care about the protection of personal data according to recent statistics.

Why is MFA important?

MFA plays an important role in the fight against cyber-crime for both individuals and businesses. It is an easy step you can take to protect your accounts from being easily hacked by cyber-criminals. If they have your username, which let’s be honest is often just your name or your email address, they only need to guess your password to gain access. Once in they have access to your personal data. Do you have faith that your passwords are strong enough to defend against a hacker? If the answer is maybe, read on.

Did you know that cyber security experts across the world have found that in every second there are an average of 530 signs of a potential cyber-attack? That’s a whopping 46 million indicators of potential cyber-attacks in just one day.

Protecting yourself and your business from the ticking clock with MFA is usually free. It is normally something you can turn-on in the settings of your online accounts. No extra cost to you or your business. It’s just a choice you need to make. Then an action you need to implement. 

Take a look at the following statistics which demonstrate an interesting parallel between businesses and cyber-attacks. 

2 statistics you should not ignore:

1: Over 68% of people surveyed did not use MFA where it is available.

2: Half of business surveyed by the UK government in 2024 have experienced some form of cyber-attack in the last year.

It is interesting to look at these statistics and consider what impact there may be on the second statistic of people began using MFA as part of their cyber security policy.

How does MFA work?

To describe how MFA works and why you should use it, let’s use an analogy. Your password is the lock you use on your door to gain entry to your house – the place you keep all the information that belongs to you and that you are responsible for looking after.   

Using one password is like having one lock. If your password isn’t very strong, it’s like using a padlock on the front door to your house and hoping you won’t get robbed. The weaker the password; the flimsier the padlock. If you’re using the word password for your password, you’ve forgot the lock entirely. The chances of a thief gaining access to your home and robbing you is high.

Using MFA is like using a multi-point lock on your front door, which is what the average home in the UK uses. If you open your front door, or your back door, take a look at the locks. You will note that it locks at the top, the bottom, and in the middle. MFA is like having that multi-lock on your online accounts.

Why MFA is important for business?

Apply the door analogy above to all your business systems – the places where you store your customer’s confidential data, your accounts, staff information, corporate operations and maybe even secrets.

Now ask yourself: would you be happy with that single padlock protecting your business? If you don’t have MFA enabled on your online accounts, that is the level of security you are using.

As a business you are even more appealing to a hacker because they know you have information worth stealing. You store valuable customer data which can provide cyber-criminals with valuable details to extort more victims.   

MFA should be used as a fundamental part of your business’s log-in protocols as it provides numerous benefits for your business.

What benefits will MFA offer my business?

MFA will offer you business the following benefits:

Gives you control over who is accessing your data

By using more than two methods of verification you are ensuring that only the people who have been given authorisation can access that data. This can be helpful if you share data with third parties, as it helps to ensure that the data only reaches the designated, authorised user as they have the multi-layered login details.

Builds customer satisfaction with your brand

By using MFA, you show your customers you care about the security of their data. Even if you don’t tell them you use it. News reports pop-up on a nearly weekly basis about how people’s data is being lost, by businesses of all sizes. This includes big names business with good reputations, such as the NHS and Welsh Rugby Union.

Your company can stand-out by showcasing its security standard. If you have no cyber-attacks, you communicate to the customer you are a brand to trust whatever your business size. Customers value security more than ever, so using MFA adds value to your business persona with clients.

Defends against cyber criminals

Cyber criminals will have to spend longer trying to hack an account which uses multi-factor authentication. MFA provides layers of security which makes your account safer as a cyber-criminal has to penetrate each layer before they reach your data.

According to a report by Keeper, 56% of people surveyed revealed they used the same password for more than one account. This means that if a cyber-criminal gets hold of that one password it is easier for them to gain access to the rest of your accounts. Implementing MFA means that the cyber-criminal cannot access your accounts without first authenticating who they are, even if they got your password.

Provides compliance

As part of GDPR all businesses who store customer data must do so responsibly and with the utmost care. They must ensure that this data is kept securely and to the best of their ability. It is important to stay on top of updates for your systems and updates to the security landscape that can be added to accounts to prevent cyber-crime. The UK Government provide guidance on this if you need further advice.

MFA can form a part of the security that you put in place to ensure that the customer data you hold is stored as safely as possible.