What is Multifactor Authentication?

When you sign into your BIEASES accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones or use the same password at many different sites.

That's why almost all online services - banks, social media, shopping and yes, BIEASES too - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate on the same principle. When you sign into the account on a new device or app (like a web browser) you need more than just the username and password. You need a second verification method - what we call a second "factor" - to prove who you are.

A factor in authentication is a way of confirming your identity when you try to sign in. Requiring more than one factor is also known as Strong Customer Authentication (SCA) in PSD2. For example, a password is one kind of factor; it's a thing you know. The three most common kinds of factors are:

  • Something you know - Like a password, or a memorized PIN.
  • Something you have - Like a smartphone, or a secure USB key.
  • Something you are - Like a fingerprint, or facial recognition.

How does multifactor authentication work?

Let's say you're signing into your BIEASES account, and you enter your username and password. If that's all you need, then anybody who knows your username and password can sign in as you from anywhere in the world!

But if you have multifactor authentication enabled, things get more interesting. When you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.

You might be using the Microsoft Authenticator app (or Google Authenticator app) as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you're in.

If somebody else tries to sign in as you, however, they'll enter your username and password, and when they get prompted for that second factor they're stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And the 6-digit number in Authenticator changes every 30 seconds, so even if they knew the number you used to sign in yesterday, they're still locked out.