MFA is an authentication technique that is used as an additional layer of security for enhanced user account protection. It goes beyond the first-degree of authentication – typically a username and password – that most consumer-driven businesses have.
Depending on the industry and the applicable regulatory or compliance needs, MFA can be used in several variants such as:
- Simple OTP (one-time password) to verify that the user possesses the phone number or email address shared for verification.
- A passive check based on intelligence collected around a PII.
- An instant video verification.
In recent years, more and more organizations are moving towards a combination of active and passive MFA. This allows them to passively identify the associated risk based on an anchor, generally a phone number, and then actively challenge the user via an OTP to determine possession. This technique is becoming popular as it serves businesses well and allows them to play into the passwordless strategy that the world is moving towards.