As I've been saying throughout this series of posts, it seems that this statement is exactly what we are doing in the world of authentication! None of the typical factors of authentication have really solved our authentication and access problems, yet we continue to use the same mechanisms over again.
problems + problems = problems
For example, classic 2-factor authentication combines a password, something you know, with a fob or token, something you have. The user first enters their userid and password then, if those are correct, they are prompted to type in the time- or sequence-dependent PIN from their token. The idea is fine... if someone steals the password, they can't get in without the token. If the token is lost, it can't be used on its own.
There's just one problem here (well, there are a bunch of problems, but one cause for the problems)... this system needs to be used by a person. Many users will store their token with the system with which its used, i.e. in their laptop bag or on their desk. Yes, some people do put their fob on their badge lanyard (badges, we don't need no steenkin' badges!), but I've seen plenty of badges left on desks or put in laptop bags as well! Some people consider the "safety" of use of the fob as permission to choose a weak password. Yes, you can put policies in to prevent that, but then the password will be written down and stored... in the laptop bag.
Now, there are some advantages. The fob, the thing you have, provides an authentication string and is one less thing to memorize. The combining of authentication factors does, at least theoretically, strengthen the overall authentication process. But it's important to recognize that all the deficiencies we've discussed are still there. MFA is no panacea!
The key here is to use the right tools for the job. Know your user and know your use case. I'll expand on that next time.