Multi-factor Authentication - It's For Your Own Good

Multi-factor Authentication: It is such a big word for a fairly simple process, a process that makes it more difficult for an imposter to illegally log into your account. Before we delve into what exactly it is, and how it helps you, go ahead and say it: MULTI-FACTOR AUTHENTICATION. There now, that wasn’t so bad was it?

Why? Why? Just . . . why?

Why do you need multi-factor authentication? Well, let us look at the WHAT before explaining the WHY.

The multi in multi-factor authentication comes from the fact that when you log into a website such as an online banking site, you have multiple options to verify that you are really who you claim to be. These factors are:

  • Knowledge factor – something only the user knows (for example a password or PIN)
  • Possession factor – something only the user has (for example an ATM card or mobile phone)
  • Inherence factor – something only the user is (for example biometrics such as a fingerprint)

Now the why: Initially having a user id and password to log into systems such as online banking was acceptable. When cybercrime become so prevalent, and hackers were finding ways to access personal account information, a safer option to identify customers logging into online banking was required.

Enter multi-factor authentication. Multi-factor authentication provides a way to identify a user with multiple factors, therefore decreasing the ability for cybercriminals to hack into personal bank accounts and other private accounts. The more factors, the higher the probability the user who logs in is who he/she claims to be. Some of the most common options for multi-factor authentication involve the following:

Security Questions – Security questions fall under the knowledge factor of multi-factor authentication. Simple questions and answers become a way for customers to further identify, or authenticate, that they were indeed who they said they were. Users would simply select questions from a list, and then provide personal, unique questions that could be answered when challenged upon login. These were initially an adequate way to help identify users, however these questions were being hacked at an alarming rate. Personal information could be found on social media sites, and the likelihood that a question could be answered by a hacker increased. Eventually security questions were considered a weak security rating for authenticating user identity.

  • Text Message Authentication – When logging into online banking, a one-time password, or security code, is sent as a text message to a user’s registered mobile device. This code must be entered upon login; usually expiring after a specified amount of time has passed. Mobile devices fall under the possession factor of multi-factor authentication, as the user must have the device in his/her possession to successfully log in. Receiving a security code on your mobile device helps prevent cyber thieves from hacking into online accounts as they do not have the mobile device in their possession, and are unable to receive the security code.
  • Mobile Authentication – A mobile authenticator requires the user to download an authenticator application on your mobile device. Different authenticators exist for different devices. Some examples are "Google Authenticator™ mobile app", Amazon™ Virtual MFA and Microsoft® Authenticator. Once a mobile authenticator has been setup, it will generate codes through the app on your mobile device, used to verify your identity when logging into online banking or performing certain transactions. Each code is valid for a certain time period, before resetting to a new code. Again this type of authentication falls under the possession factor. Users must have their registered mobile device in order to access the code required at login.
  • Key Fob -  Key fobs are similar to mobile authenticator, in that a random code is generated at certain time intervals on a small device that can easily be attached to a key ring. Key fobs require the user to have this device available anytime he/she wishes to log into a secure online account in order to access the random code generated at the time of login. Key fobs also fall under the possession factor.
  • Access Card – Access cards typically are the size of a credit card, and display a grid of numbers and letters. When logging into a secure site, users refer to the random coordinates generated during login to enter the correct combination of numbers or letters, much like a Bingo card. Access cards are also possession factors.
  • Biometrics – Biometrics is growing in popularity, primarily using voice or fingerprint recognition software, or a retina scan. Sounds like something from a spy movie, right? But biometrics is here to stay. Biometrics is considered inherence factors since voice, fingerprints, and retina scans are inherently unique to each individual.

The bottom line is multi-factor authentication is a simple security feature that requires more than just your password. And it goes beyond guessable security questions. It requires an additional step that, once properly set up, is very convenient and worth the effort. Many people have a mobile device glued to themselves these days. Utilizing the capabilities on your mobile device to keep your online banking information safe is a safe, convenient way to help protect your accounts from being hacked.

Woodforest National Bank

Messages go here

Close This Window

Customize Your Information

Please enter your zip code below so we can give you product information for your location.


Please enter a valid zip code