Multi-Factor Authentication Explained

I’m sure you’ve seen the message asking you to set up multi-factor authentication (MFA) on your social media accounts, online bank apps or email, and I know what you’re thinking: “Great, another step to log in.” While it does add a step to the login process, it is crucial to keeping your accounts more secure.

But what’s the worst that can happen if you don’t set up MFA? Well, passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Once they gain access to your account, they can steal your money or personal information, infect your devices with ransomware or impersonate you online. MFA is the only way to maximize your security and ensure that you are the only one who can gain access to your accounts.

What is multi-factor authentication (MFA)?

Experts from Google and Microsoft estimate that implementing MFA can block 99.9% of account attacks. MFA, previously referred to as two-factor authentication (2FA), is an extra layer of defense beyond just your password or passphrase. When using MFA, you need two or more credentials to verify your identity. These credentials, also called factors, are any of the following:

  • Something you know, such as a code or PIN.
  • Something you have, such as a smartphone.
  • Something you are, such as a fingerprint.

You may already be using MFA without even realizing it. When you use your debit card (something you have) and enter your PIN (something you know) to access your account at an ATM, you are using MFA. 

What are the common options for MFA?

The most popular form of MFA for online accounts is when a numeric code is sent to your phone, which you then enter into the account’s login screen to gain access. This includes something you know (the code) and something you have (your phone). 

In this case, a cybercriminal would have to steal your phone, intercept the message, or remotely hack into your phone in order to gain access to the code and log in to your account. To prevent them from hacking your phone, set up a passcode or, even better, use touch or face ID.

Another common form of MFA that is gaining popularity is the use of an authenticator app, such as Google Authenticator. When using an authenticator app, you will download the app to your phone, then connect your account to the app by entering a secret key into the app, which is provided by your account. This establishes a secure connection between your account and the authenticator app. Whenever you log in to your account, the authenticator app will generate a unique 6-8 digit code that is required to access your account.

How do I set up MFA?

Nowadays, most apps, websites and accounts offer the option to set up MFA. Check for the option to set up MFA under your account or security settings on your online banking, social media, email and any other accounts.

Once you have set up MFA, learn how to create a strong passphrase to add an extra layer of security to your accounts.