I came across an article on Multi-factor Authentication: Best Practices for Securing the Modern Digital Enterprise from the Ping Identity Office of the CTO.
There is this nice diagram illustrating the various authentication mechanisms.
1. Something you know (for example, a password or a PIN).
2. Something you have (for example, a mobile phone or a token).
3. Something you are (for example, a fingerprint or other biometric data).
Generally, combining multiple authentication factors results in a higher Level of Assurance (LoA) that the individual attempting to authenticate is actually the individual in question, because even if one of the factors has been compromised, the chances of the other factor also being compromised are low.
Authentication mechanisms can also be distinguished by whether they use the same channel through which the user accesses the application, or a separate channel that is dedicated to authentication.
In the market today, yet another type of authentication is gaining traction: Risk Authentication.
I have this nice diagram from the CA Risk Authentication data sheet.
CA Risk Authentication can detect suspicious activity for consumer and enterprise online services without burdening users. This multi-channel risk assessment solution transparently detects and prevents fraud before losses occur.
This usually works together with MFA solutions for Step-Up Authentication.
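To make the step-up idea concrete, here is an added example (my own illustration, not code from Ping Identity or CA): a toy risk engine that scores a login from a few constructed signals, maps the score to a required Level of Assurance, and counts distinct factor categories so that two knowledge factors (password plus PIN) never add up to MFA. All signal names, weights and thresholds are assumptions.

```python
from dataclasses import dataclass

# Factor categories from the article: something you know / have / are.
FACTOR_CATEGORY = {
    "password": "know", "pin": "know",
    "otp_app": "have", "hardware_token": "have", "sms_code": "have",
    "fingerprint": "are", "face": "are",
}

@dataclass
class LoginContext:
    """Signals a risk engine might evaluate (constructed, not a vendor API)."""
    known_device: bool
    ip_country: str
    home_country: str
    failed_attempts_last_hour: int
    login_hour: int  # 0-23, user's local time

def level_of_assurance(factors):
    """LoA reached by a session = number of DISTINCT factor categories.
    password + pin is still LoA 1; password + otp_app is LoA 2."""
    return len({FACTOR_CATEGORY[f] for f in factors})

def risk_score(ctx: LoginContext) -> int:
    """Transparent (no user interaction) additive risk score; weights assumed."""
    score = 0
    if not ctx.known_device:
        score += 30
    if ctx.ip_country != ctx.home_country:
        score += 40
    if ctx.failed_attempts_last_hour >= 3:
        score += 25
    if ctx.login_hour < 6:
        score += 10
    return score

def required_loa(score: int) -> int:
    """Low risk: one factor is enough. Elevated risk: demand a second category."""
    return 2 if score >= 30 else 1

def decide(ctx: LoginContext, factors_presented) -> str:
    """Returns 'allow', 'step_up' (ask for another factor category) or 'deny'."""
    score = risk_score(ctx)
    if score >= 80:  # too risky to rescue with step-up; hand off to fraud review
        return "deny"
    needed = required_loa(score)
    reached = level_of_assurance(factors_presented)
    return "allow" if reached >= needed else "step_up"
```

The interesting case is the unknown device with password plus PIN: the score demands LoA 2, but both credentials are "something you know", so the engine still steps up.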
Technicalities aside, what's the business case for using MFA and Risk Authentication?
Compliance regulations and industry guidelines are increasing their emphasis on stronger authentication to protect data. Organizations do not want to deploy overbearing authentication systems that require repetitive user interaction because of the negative effect on user experience, which impacts both the adoption of online services and customer loyalty.
The overall challenge is to detect and block fraudulent activity before losses occur, with minimal impact on users.