de en it fr

Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA)

2FA and MFA are technical methods of providing additional security to logins. Growing numbers of services are adopting these methods because they serve as effective measures against attack techniques like brute force and social engineering. Additionally, the limited time investment required has disproportionately high security gains. Both methods can either replace a password or access code entirely, or provide an extra layer of protection. For instance, a traditional password system can be replaced with the combination of an access card and immediate facial scan. As 2FA and MFA always involve different devices, they are considered hardware-based methods.

2FA typically adds extra protection to a password-protected login. It's important to note that having 2FA does not mean you should use a weak password. Following this recommendation makes it more difficult for potential attackers to crack your login. In a 2FA process, the username and password are entered in the conventional way. This is the primary security barrier. If the entered credentials are correct, the primary device directs you to the secondary device. For example, a code can be sent via SMS to your mobile phone; on receiving the code, you need to enter it in a field on the primary device within a specified time. Other secondary device methods include iris or fingerprint scans, using a magnetic card, and answering a security question on another device. You can access the protected area only after overcoming the second security barrier. A practical everyday example is online banking.

MFA methods employ additional verification factors compared to 2FA, including:

  1. Something only you know (e.g., passwords or PINs);
  2. Something you possess (e.g., ID card, phone, magnetic card, USB stick);
  3. Biometric data (e.g., voice or facial recognition, fingerprints);
  4. Location-based data, evaluated using artificial intelligence (AI), which denies access if the person attempting to log in is at an unusual location;
  5. Time-based data, evaluated using AI, which denies access if the login attempt is made at an unusual time.

AI is also the basis for adaptive authentication technologies. Where analyses suggest that the time or place of a login attempt is unusual, AI enforces additional authentication measures that wouldn't be required in normal circumstances. This means it's a dynamic, intelligent security system.

At Teichmann International (IT Solutions) AG, we recommend 2FA and MFA, and strongly encourage you to use them wherever available. These methods significantly complicate unauthorized access to data and assets. While logins using 2FA and MFA do involve more effort for legitimate users, a successful cyberattack would be far more burdensome for the company – increased effort is always better than suffering a loss.

» to the blog homepage