Extra steps required to log in to your bank account, a mobile device or a work application can be annoying. But the extra annoyance is a small price to pay for better security and protection of confidential data.
Two-factor authentication (2FA), the most common way of verifying user credentials, involves the typical username/password combo, along with a separate code that is sent to a cell phone tied to the account. This is much stronger than a username/password alone, though hackers have ways to get around it.
Multi-factor authentication, or MFA, is more secure because it is more complex. MFA typically requires an additional method of verification via biometrics such as voice, fingerprint, retina or behavioral recognition. When you log in to a banking app with your fingerprint, for example, that’s MFA.
The answer is … it depends
Multi-factor authentication is more secure because it is more difficult for hackers to work around. It’s much easier to obtain a PIN or code than to replicate a unique biometric such as a voice or fingerprint.
However, whether it’s the right option for you depends on factors other than security, including cost, complexity and convenience. Consumers sometimes have no choice whether to use MFA — if their credit card company requires voice recognition for customer service calls, they have to comply — but businesses can and should weigh the pros and cons before deciding to implement it.
In general, businesses in highly regulated industries like healthcare and finance should strongly consider MFA. A hospital might want to require retina scans for employees to access labs with dangerous chemicals or highly addictive drugs, while a bank might want to require fingerprint scanning for employees to access systems that contain sensitive personal information belonging to customers.
Organizations in industries that aren’t as highly regulated, or that handle less sensitive information, may only need MFA for certain applications, databases or physical locations in the building. Access can be limited where the most sensitive data is contained, but MFA may not be cost-effective elsewhere.
Drawbacks of multi-factor authentication
There are some challenges that come with this additional layer of security, too. Biometrics can’t be re-credentialed like a password. Once biometrics are set, they’re set for good because authenticators like fingerprints don’t change.
Biometrics can also be frustrating for users. Ever tried to use your fingerprint to access an app, only to try several times without success? The most accurate biometric scanners can be highly sensitive and difficult to use.
Biometrics aren’t impossible to fake, though it’s difficult, and the technology is expensive to implement. The cost can be a major barrier, particularly for small businesses. The database containing your company’s biometric information must be carefully protected, too, because it would be a gold mine for hackers.
MFA is great, but it’s not enough
Despite the drawbacks, MFA is a strong method of user authentication and data protection. However, it’s important to keep in mind that it is just one small piece of a very large cyber security puzzle.
A broad and far-reaching cyber security defense should include implementing a firewall, creating and enforcing cyber security and data use policies, regulating access to sensitive data from mobile devices, requiring safe password practices, using anti-malware software, backing up data and much more.
And, since more than half of data breaches are actually caused by insiders like employees and contractors, not hackers, all businesses should consider using employee monitoring software to detect and prevent insider threats.