Multi-factor Authentication
Multi-factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. This method enhances security by combining multiple forms of identification, such as something you know (password), something you have (smartphone), and something you are (fingerprint).
Verification factors fall into three main categories:
Something you know: This is usually a password or a PIN that the user knows.
Something you have: This involves a physical item that the user has, like a smartphone, smart card or security token.
Something you are: This factor relies on biometric characteristics such as fingerprints, facial recognition, etc.
An example of MFA is logging into your online banking account with a password and then receiving a one-time code on your mobile phone that you need to enter before gaining access.
The principle of MFA is to add additional layers of security to the authentication process. By requiring multiple forms of verification, it reduces the likelihood of unauthorized access, as it is more challenging for attackers to compromise multiple authentication factors simultaneously.
Let's design a multi-factor authentication system that first verifies the user through a username and password and then sends an OTP to the registered email. The user then uses that OTP to log into the system.
The code demonstrates a simple implementation of Multi-factor Authentication (MFA) by combining a password and a One-Time Password (OTP). It simulates a user database with a predefined username and password. The send_otp function generates a random 6-digit OTP and "sends" it to the user's email, which is simulated by printing the OTP to the console. The verify_password function checks if the entered username and password match the stored credentials. After successful password verification, an OTP is generated and displayed. The user is then prompted to enter the OTP. The verify_otp function checks if the entered OTP matches the generated one. If both the password and OTP are correct, access is granted; otherwise, it is denied. This code exemplifies the principle of MFA by requiring two forms of authentication before granting access.
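The flow described above, written out as an added example (this is not the page's original code). The function names send_otp, verify_password and verify_otp come from the description; the sample account, the PBKDF2 password hash, the 5-minute lifetime and the 3-attempt limit are assumptions that go beyond it, added so the OTP is unpredictable, expires, and cannot be replayed or brute-forced.

```python
import hashlib
import hmac
import os
import secrets
import time

OTP_TTL_SECONDS = 300   # assumption: code is valid for 5 minutes
MAX_OTP_ATTEMPTS = 3    # assumption: guesses allowed per issued code

def _hash_password(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Simulated user database; the account below is constructed sample data.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "email": "alice@example.com",
                   "pw_hash": _hash_password("correct horse", _SALT)}}
PENDING = {}  # username -> {"otp", "expires", "attempts"}

def verify_password(username, password):
    user = USERS.get(username)
    # Hash for unknown users too, so timing does not reveal valid usernames.
    salt = user["salt"] if user else b"\0" * 16
    expected = user["pw_hash"] if user else b"\0" * 32
    match = hmac.compare_digest(_hash_password(password, salt), expected)
    return match and user is not None

def send_otp(username, now=None):
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
    PENDING[username] = {"otp": otp, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    # Delivery is simulated by printing, as the page describes.
    print(f"[email to {USERS[username]['email']}] Your login code is {otp}")
    return otp

def verify_otp(username, entered, now=None):
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_OTP_ATTEMPTS:
        del PENDING[username]  # expired or guessed too often: force a new code
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entered.encode(), entry["otp"].encode()):
        del PENDING[username]  # single use: a code cannot be replayed
        return True
    return False
```

A caller grants access only when verify_password succeeds, send_otp is then called, and verify_otp returns True for the code the user enters.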