Security for environments with no internet access. Unlike standard MFA, this relies on offline methods like QR codes or hardware tokens to verify identity.
Utilizing unique biological traits such as fingerprints or facial recognition to grant access to systems and applications.
The modern standard for phishing-resistant authentication. It uses public-key cryptography to eliminate the risk of credential theft.
A cost-effective MFA method where users are challenged to provide characters from specific coordinates on a grid.
Multi-factor authentication (MFA) is a method of identity verification where users are asked to prove two or more identity factors before gaining access to a digital system or application. Identity factors are considered to be:
By combining more than one identity factor, user accounts are more secure and less susceptible to cyber attacks such as password spraying, brute forcing, and even phishing.
A user-friendly method where a login attempt triggers a notification on the user’s smartphone, requiring a simple “Approve” or “Deny.”
An enhanced version of push authentication where the user must enter a number displayed on the login screen into their app to prevent “MFA fatigue” attacks.
A dynamic 6-digit code that changes every 30-60 seconds, generated by an authenticator app or hardware fob.
An advanced attack in which a proxy server intercepts a login session in real time, allowing attackers to bypass traditional MFA by stealing the authenticated session tokens.
A trial-and-error method used by attackers to guess passwords or PINs by systematically trying every possible combination.
An automated attack where lists of leaked usernames and passwords are “stuffed” into other websites to gain unauthorized access.
A social engineering tactic where an attacker sends a flood of push notifications to a user’s device, hoping the user will click “Approve” just to silence the alerts.
Deceptive communications (emails, SMS, or sites) designed to trick users into surrendering their credentials or secondary authentication factors.
An Australian standard requiring financial institutions to maintain information security capabilities proportionate to their threats.
Cyber Essentials and Cyber Essentials Plus are UK-government certification programs that help organizations of all sizes to implement five critical cyber security controls: firewalls, secure configuration, access control, malware protection, and patch management.
A framework of eight essential mitigation strategies recommended by the Australian Signals Directorate (ASD) to protect organizations.
The EU’s rigorous privacy and security law that imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.
The US Health Insurance Portability and Accountability Act, which sets the standard for protecting sensitive patient data.
The Payment Card Industry Data Security Standard, required for any organization that processes, stores, or transmits credit card information.
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) is a set of mandatory cybersecurity and physical security standards for the protection of energy infrastructure.
The process of moving data and applications away from public cloud providers and back onto on-premises or private cloud infrastructure.
A gateway that allows legacy systems and appliances to utilize modern MFA by proxying the Lightweight Directory Access Protocol.
A deployment model where the MFA solution is hosted entirely within the organization’s own data center, providing maximum data control.
A networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) for users who connect to a network service.
A protocol that secures RADIUS traffic by using Transport Layer Security (TLS), ensuring that authentication data is encrypted while in transit.
SCADA is a system of software and hardware that enables organizations to remotely monitor, control, and collect real-time data from industrial processes and critical infrastructure.