
MFA (multifactor authentication)

Multi-factor authentication (MFA) is a security method that requires at least two distinct forms of identification to access an account, an application or a system.

Unlike 2FA (two-factor authentication), which is limited to two factors, MFA offers flexibility by combining several layers of verification. This strengthens protection against unauthorised access.

MFA is based on the principle of multiple factors: the user must prove their identity via several authentication categories drawn from the following three:

  1. Something you know: password, PIN code, secret question.
  2. Something you have: smartphone (SMS code, authentication app), physical security key (YubiKey), secure smart card.
  3. Something you are: biometrics (fingerprint, facial recognition, retinal scan, voice recognition), behavioural analysis, etc.


The higher the number of factors, the more robust the security. For example, a bank might require:

  • A password (1st factor),
  • Confirmation via a mobile app (2nd factor),
  • And a fingerprint (3rd factor).

How MFA works

  1. Step 1, login: the user enters a username and password.
  2. Step 2: the system requests a second factor (e.g. a temporary code sent by SMS).
  3. Step 3: if necessary, a third factor is required (e.g. facial recognition or a physical key).
  4. Access is granted only after all the factors have been validated.
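The flow above, as an added example that is not part of the original glossary entry: a password (something you know) combined with a TOTP code from an authenticator app (something you have), following RFC 4226/6238. The user record, the salt and the shared secret (the RFC 6238 test key) are constructed for the demo; access is granted only when every factor validates, and a code is consumed only on full success so that it cannot be replayed.

```python
import hmac, hashlib, struct, time

STEP = 30  # TOTP time step in seconds, as used by common authenticator apps
SALT = b"demo-salt"  # constructed; real deployments use a random per-user salt
SECRET = b"12345678901234567890"  # RFC 6238 test key, constructed for the demo
USERS = {  # constructed credential store: one user
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "totp_secret": SECRET,
        "last_step": -1,  # last accepted time step, used to reject replayed codes
    }
}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP)

def check_password(user: dict, password: str) -> bool:
    """Factor 1 (something you know): constant-time comparison of the PBKDF2 hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, user["pw_hash"])

def matching_step(user: dict, code: str, unix_time: int, skew: int = 1):
    """Factor 2 (something you have): accept the current step and +-skew steps for
    clock drift, but never a step at or before the last one already used."""
    current = unix_time // STEP
    for step in range(current - skew, current + skew + 1):
        if step > user["last_step"] and hmac.compare_digest(hotp(user["totp_secret"], step), code):
            return step
    return None

def authenticate(username: str, password: str, code: str, unix_time: int = None) -> bool:
    """Grant access only after all factors have been validated. Both factors are
    always evaluated and the caller gets a single yes/no, so a failure does not
    reveal which factor was wrong; the code is consumed only on full success."""
    unix_time = int(time.time()) if unix_time is None else unix_time
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = check_password(user, password)
    step = matching_step(user, code, unix_time)
    if not (pw_ok and step is not None):
        return False
    user["last_step"] = step  # mark the one-time code as used
    return True
```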

📊 Key trends

  • Adaptive MFA: use of context (geographical location, behaviour) to dynamically adjust the level of security.
  • Generalised biometrics: 57% of companies use facial or fingerprint recognition as a factor (2023).
  • Zero password (Zero Trust): replacing passwords with biometric methods or hardware keys.
  • Priority sectors: banking, healthcare and government are massively adopting MFA (regulatory requirements such as the GDPR or PCI DSS).

✅ Advantages of MFA

  • Maximum security: even if a password is stolen, attackers still have to get past the other barriers.
  • Protection against attacks: phishing, brute force or social engineering become ineffective without the other factors.
  • Compliance: meets strict standards (e.g. protection of health data).
  • Flexibility: adaptable according to the sensitivity of the data (2FA for a social network, 3-factor MFA for a bank account).

👉 Examples

  • Access to a corporate cloud: password + software token + smart card.
  • Online payment: credit card code (1) + SMS validation (2) + fingerprint (3).
  • Government system: chip card (1) + PIN code (2) + iris scan (3).

⚠️ Good practice

  • Avoid text messages: prefer authentication apps (Google Authenticator, Microsoft Authenticator) or physical keys, which are less vulnerable.
  • Educate users: raise awareness of the importance of not sharing codes or keys.
  • Update methods: integrate biometric or password-free solutions to reduce risk.

🔮 Future of MFA

  • Continuous authentication: real-time verification throughout the session (analysis of keystrokes and mouse movements).
  • AI and behavioural analysis: detection of anomalies (e.g. an attempted connection from a foreign country).
  • Interoperability: standardisation of protocols (FIDO2) for simplified integration between devices.