MFA vs 2FA: what’s the difference?

An authentication factor is any type of security credential used to verify that a user is permitted to access the content in question. Passwords are an example of an authentication factor.
It stands to reason that the more ways you must prove you are authorised to use a program, access an account, or view content, the more secure those things are. This brings us to the debate of MFA vs 2FA.
Definitions
Understanding MFA vs 2FA starts with understanding what the two terms refer to.
2FA: 2FA stands for two-factor authentication. It’s an authentication method that requires the completion of exactly two authentication factors to allow access/use of a secured network, system, or app.
MFA: MFA stands for multi-factor authentication. It’s an authentication method that requires the completion of two or more authentication factors to allow access/use of a secured network, system, or app.
All 2FA is MFA, but not all MFA is 2FA.
Authentication factors: examples
So, how many ways can a user authenticate themselves? MFA and 2FA can use factors from four categories.
- Knowledge factors
Knowledge factors require users to input some information to prove they are who they say they are. Passwords and PINs (personal identification numbers) are the most common.
- Possession factors
Possession factors require users to possess a specific device or piece of information. Examples include one-time passcodes (OTPs) and mobile push authentication.
- Inherence factors
Inherence factors use characteristics unique to the user to authenticate them. Biometric data, such as fingerprints or facial recognition, is the most common example.
- Location factors
Factors such as geolocation data and IP addresses can tell a system that should only be accessed from the UK that a user is trying to access it from, say, the US. This might suggest that the user in question is not authorised.
Why isn’t one factor enough?
Introducing more authentication factors improves security. Every extra factor is an additional lock a bad actor needs to break through before they can gain access.
Passwords alone can be easy to crack or compromise. Checking more security credentials means there is more keeping your systems safe and keeping bad actors out.
MFA vs 2FA: pros and cons
MFA
- Pro
MFA (taken here to mean more than 2FA) introduces extra security with every additional authentication factor.
- Con
You need to consider the user experience. The added security is great, but every extra authentication factor is another hurdle for your users to jump. They may get frustrated if asked to provide too many assurances they are who they say they are.
If authentication keeps people from doing what they want/need to do, they will likely look for ways around it.
2FA
- Pro
Having two authentication factors raises your security compared to only having one (i.e. a password). At the same time, the second authentication factor isn’t so disruptive as to be too much of a hurdle for users.
- Con
In the question of MFA vs 2FA, 2FA may not be enough when accessing highly sensitive data, or critical files.
Pro tip: MFA vs 2FA implementation
When choosing how many authentication factors to use, you need to weigh the level of risk (and thus the need for security) against the impact on the user experience.
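An added example, not from the original article: a small access policy that combines the factor categories listed earlier with the risk trade-off described here. The credential names, the sensitivity tiers and the rule that factors are counted by distinct category (so a password plus a PIN is still one factor) are assumptions made for this sketch; location is treated as a gate rather than a counted factor.

```python
from dataclasses import dataclass

# Credential type -> factor category, following the article's categories.
# The credential names are assumptions chosen for this example.
CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "otp": "possession", "push": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

# Assumed policy: distinct categories required per sensitivity tier.
REQUIRED = {"standard": 2, "sensitive": 3}


@dataclass
class Decision:
    allowed: bool
    label: str   # "single-factor", "2FA" or "MFA (3+)"
    reason: str


def label_for(categories):
    """Name the scheme by how many distinct categories were proven."""
    n = len(categories)
    if n < 2:
        return "single-factor"
    return "2FA" if n == 2 else "MFA (3+)"


def evaluate(verified, sensitivity, country, allowed_countries=frozenset({"GB"})):
    """Decide access from verified credentials, resource tier and location."""
    unknown = [c for c in verified if c not in CATEGORY]
    if unknown:
        raise ValueError(f"unknown credential type(s): {unknown}")
    categories = {CATEGORY[c] for c in verified}
    label = label_for(categories)
    # Location check: a request from outside the expected region is refused
    # regardless of how many other factors were completed.
    if country not in allowed_countries:
        return Decision(False, label, f"location {country} not permitted")
    need = REQUIRED[sensitivity]
    if len(categories) < need:
        return Decision(False, label, f"{len(categories)} of {need} factor categories proven")
    return Decision(True, label, "policy satisfied")
```

Raising the `sensitive` tier's requirement adds security at the cost of one more prompt per login, which is the trade-off this section describes.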
MFA vs 2FA: both are good
TL;DR: The difference between the sides in MFA vs 2FA is negligible. The two are incredibly closely related, so much so that you can call two-factor authentication ‘MFA’ if you so wish.
Whether it’s two factors or more factors, having extra authentication helps to keep our accounts and systems secure. In a world where data is as powerful as it is, where IT security is a must, and where attackers are stealing passwords, MFA of any kind is a welcome measure.