What is MFA?
MFA (Multi-Factor Authentication) is a security method whereby a user must provide more than one form of verification to gain access to a system, network or application.
Instead of just a password, MFA requires additional proof of identity — such as an SMS code, fingerprint or token.
🔐 The 3 types of authentication factors
An MFA solution combines at least two of these three categories:
| Factor | Examples |
|---|---|
| Something you know | Password, PIN |
| Something you have | Smartphone, token, smart card, SMS code |
| Something you are | Fingerprint, facial recognition (biometrics) |
For example: you log in with your password (knowledge) and confirm via an app on your phone (possession).
🎯 Why is MFA important?
- Prevents misuse of stolen passwords
- Protects against phishing and brute-force attacks
- Strengthens remote access (VPN, RDP)
- Essential for compliance with NIS2, ISO 27001, BIO
- Reduces the risk of data breaches and unauthorised access
🛠️ Where is MFA applied?
| Use case | Examples |
|---|---|
| Cloud platforms | Microsoft 365, Azure, AWS, Google Workspace |
| Remote access | VPN, Jump Server, Remote Access |
| IT systems | Windows/Linux login, Active Directory |
| OT environments | HMI, SCADA, remote engineering tools |
| Web applications | Portals, dashboards, customer portals |
📦 Examples of MFA methods
- Authenticator apps (Microsoft Authenticator, Google Authenticator)
- Push notifications (Duo, Okta Verify)
- SMS codes or email verification
- U2F keys (e.g. YubiKey)
- Biometrics (fingerprint, face)
🏭 MFA in OT environments
- Important when accessing SCADA, engineering workstations or Historian
- Often combined with a Jump Server or Privileged Access Management (PAM)
- MFA must not disrupt production processes
- Offline access sometimes requires alternative methods (e.g. hardware token)
✅ Benefits of MFA
- Greatly improved security
- Prevents a single stolen password from leading to a data breach
- Easy to implement in modern systems
- Suitable for both IT and OT
- Supports risk-based access (Zero Trust)
📌 In summary
MFA is an essential layer of defence that prevents attackers from gaining easy access using only a password. It is a simple, effective and often mandatory measure in modern security strategies.