multi-factor authentication (MFA) refers to authentication that combines two or more of the three authentication factors: "knowledge," "possession," and "biometrics."
"Knowledge" → Passwords, PIN codes, security questions, etc.
"Possession" → Mobile phones, hardware tokens, IC cards, etc.
"Biometrics" → Fingerprints, veins, voice patterns, irises, etc.
Setting a strong password is the first measure to protect your account. However, many users still set easily guessable passwords, and even if a strong password is set, if it is reused across multiple services, there is a risk of multiple accounts being compromised through password list attacks. As the number of accounts to manage continues to increase, the reliance on memory for password authentication is reaching its limits.
The main benefit of introducing MFA is that it significantly enhances security. In particular, elements like facial recognition and fingerprint recognition, which can only be presented by the user, and possession elements are difficult to copy or steal, making unauthorized access to accounts by third parties extremely difficult.
Based on FIDO standards, a passkey is a passwordless authentication technology that turns your PC or smartphone into a "digital master key."
Login is completed simply by unlocking your device (via biometrics, etc.), completely eliminating the need to remember or manually enter passwords.
In short, it is a system that allows you to log in using only your device's lock screen (face or fingerprint recognition) instead of typing in a password.
Passkeys come in different types, such as Device-bound passkeys and Synced passkeys.
For more details on passkeys, please refer to the following link.
「パスキー」で多要素認証をより安全&スマートに(情報処理推進機構)Note: The linked website is in Japanese.
This is a high-security method where the key is isolated within specific hardware, such as a security key (e.g., YubiKey), and cannot be duplicated or synchronized externally.
Sign in securely with Windows Hello
This is a highly convenient method where passkeys are shared across multiple devices via services like iCloud Keychain or Google Password Manager, allowing for easy transition when switching to a new device.
Note: When registering to Google Password Manager using a Google Workspace account (@keio.jp):
If you log out of that account, you will be unable to log back in unless you have registered an additional authentication factor.
We recommend registering with a different Google account (@gmail.com) instead.
Examples:
This is the newly adopted authentication infrastructure system for keio.jp accounts.
Passwords and multi-factor authentication factors are also managed by this system.
This app is used for multi-factor authentication (user verification) within the Okta system.
It is used to approve logins and generate authentication codes.
This is a password-free authentication feature that uses the Okta Verify app.
By utilizing biometric authentication methods—such as facial recognition or fingerprint recognition—registered on your device,
you can skip the hassle of entering a password and sign in more securely and smoothly.
This is a disposable authentication code (one-time password) that is updated at regular intervals.
You complete the second step of identity verification by entering the numbers displayed in the various apps that generate TOTP codes.
Note: When registering to Google Authenticator using a Google Workspace account (@keio.jp):
If you log out of that account, you will be unable to log back in unless you have registered an additional authentication factor.
We recommend selecting "Use Authenticator without an account."