Glossary

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) was conceived as a solution to a primary issue with password integrity: people. Passwords remain necessary to prevent unauthorized access to secure systems, but a password is only as secure as the person using it. For instance, writing a password on a physical note leaves it readable to anyone walking by. There are plenty of digital ways to lose control of your own passwords, too: an email that downloads malware, a bad URL that sends you to a phishing website, or a predictable password like 1234, ‘password,’ or your name, just to name a few.

In single-factor authentication, losing control of your password means losing control of the associated account. If this account stores protected health, financial, or personally identifiable information, losing control of it could be disastrous. For developers with access to entire databases of information like this, the results can be much, much worse.

Multi-factor authentication was developed to address the ease with which passwords can be leaked. It requires a second verification method on top of your password, preferably through a different medium. After entering a password or credentials of another sort, MFA systems ask for this additional verification method, which might be a code delivered via email, text message, or another service.

Even if you’re confident in your personal password management systems, there are still risks outside of your control. If a breach at a different company leaks your password (or a coworker’s password), it can lead to a breach in your systems that you had no part in generating. Multi-factor authentication buys you time. Sure, your password has been compromised in this third-party breach, but since the hacker cannot access your text messages, the password alone is not enough to log in, and you can update your password to regain full security.

Multi-factor authentication isn’t a perfect solution and shouldn’t be your team’s only defense, but it is a very effective method of preventing unauthorized access to secure systems.
