Blog   |   Security   |   April 22, 2019

What is Multi-Factor Authentication (MFA)?

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication, or MFA, is the requirement that users bring something tangible with them, in addition to knowing a password, when trying to login. The security concept is called “Bring Something, Know Something.” Futuristic examples include retina scanning or even DNA blood sampling, but there are more practical ways to perform MFA.
The physical device requirement could be as simple as a pre-authorized mobile phone that can receive a text. It could be a smartphone or smartwatch running a synchronized app. Multi-factor authentication solutions can be achieved by a proprietary keychain-size device that generates a unique token or a USB key that needs to be inserted into the computer a user wishes to login to. Insistence on requiring such a physical device, in addition to entering a password, decreases the likelihood that a hacker could log in remotely equipped only with the correct username and password.

Why is MFA important?

MFA is an important security tool because logins and passwords are easily found on the dark web. Additionally, computing power has accelerated to the point where “brute force” techniques have become practical, enabling hackers to use a computer to programmatically guess passwords. In situations when MFA is required, simply knowing the password is almost useless without having access to the associated physical device.
Similarly, MFA is not a substitute for complex passwords. A smart combination would be MFA plus passwords that are longer, more complex, harder-to-guess and are unique to each login platform. Any breach would be isolated and the damage could be mitigated.

MFA for Enterprises and Managed Cloud Services Providers (MSPs)

MFA is not unique to Amazon Web Services (AWS) or any of the other cloud vendors. Microsoft Azure, Google Cloud, other public clouds, and even on-premise data centers can all benefit from multi-factor authentication. Cloud administrators must know their role and do their part in the Shared Responsibility Model: The cloud vendors are responsible for the security of the cloud and the customer is responsible for security in the cloud. That applies to passwords in general and MFA in particular, as Identity and Access Management (IAM) falls within the domain of the customer.


The value of MFA is clear. Enterprises should enable MFA for their end users and service providers should encourage their clients to do so as well. With the public cloud’s Shared Responsibility Model, it is incumbent upon each organization, and ultimately each individual, to do their part to secure their resources. A user’s identity is perhaps the most important—and weakest—link in the security chain. Multi-factor authentication can reinforce that link.

Next Steps
Add unified secure configuration, activity monitoring and regulatory compliance to your cloud infrastructure with cloud management by CloudCheckr. CloudCheckr makes tracking IAM and permissions simple by centralizing control and applying best practices. Get started today with a live demo or free, 14-day trial.

Todd Bernhard headshot
About the Author

Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.