Multi-Factor Authentication (MFA)

It’s unfortunate but true. No matter how strong and unique, passwords aren’t enough to secure your accounts. Thousands of companies have been hacked, and their consumer databases, containing personal information from billions of users, have been published on the internet and sold to hackers. In today’s world, passwords aren’t enough to protect you.

Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA) stops cyber crooks in their tracks even if they have your password! Yes, MFA is an extra step, but the peace of mind you’ll gain from knowing you are safe from theft and identity theft makes a small effort worthwhile. Just stop and think about the potential financial loss and the amount of time it would take to repair your life and your credit if someone were to steal your identity or gain access to your financial accounts.

We’ll refer to a 2-step process as MFA, but you may see it as 2-factor authentication or 2-step verification or something else that expresses the same concept: adding a second step beyond a password.

The concept: Something you know + something you have

Multi-Factor Authentication (MFA) requires an additional step when signing in to a website or app. The first authentication is your password (something you know). The second step requires something in your possession. For most of us, that involves a smartphone, but it could be a physical security key.

This means that even if your password is stolen, a thief still cannot access your account! The second step in MFA is usually one of the following:

  • A code sent by text message to your smartphone (also known as SMS). This is the least secure.
  • An authenticator app that provides a time-based code that is connected to your account.
  • A “push” notification sent to an app on your smartphone, which you must approve.
  • A biometric device, like a fingerprint reader or a facial scanner.
  • A physical device like a YubiKey.

Start with your email account

It is absolutely critical to secure your email account with MFA. Why? Because password resets normally use a message sent to your email account for verification. A hacker with access to your email account doesn’t have to know your passwords: he can reset them, locking you out while letting him in.

How does MFA work with your accounts?

You’ll have to visit your accounts to learn how they have implemented MFA. Google, for instance, permits you to choose from text messages, voice calls, or their mobile authenticator app. The fastest and most secure option is the authenticator app, which can be used with many other accounts. The Google Authenticator app shows codes for several connected accounts in the image below. Each code is good for just 20 seconds before being replaced with a new one.

Many companies and organizations use a 3rd party service. For instance, Arizona State University uses a popular service called Duo. When I sign in to my ASU account, I select Send Me a Push from the browser window, then Approve from my smartphone.

As you can tell from the examples above, a hacker with my password still cannot access my account because he doesn’t have physical possession of my phone!

All of these solutions require you to download a small app to your smartphone and connect it to the account.

Some companies are no longer using text messaging (SMS) because of the recent rash of hacks involving taking over users’ smartphones.

Get started today!

Early in 2021, a massive set of hacked user names and credentials was posted online. It was dubbed the “Compilation of Many Breaches,” or COMB. The data included user names, emails, and some passwords for around 3.2 billion people. Hackers combined the information garnered from hundreds of hacked databases from companies like Yahoo, LinkedIn, Netflix, and Adobe. Protect yourself from fraud and identity theft by doing the one thing that stops hackers in their tracks: Multi-Factor Authentication!

Review Questions

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA) is an additional step beyond a password when signing in to a website or app, which requires something in your possession, such as a smartphone or a physical security key.

Why is it critical to secure your email account with MFA?

It is critical to secure your email account with MFA because password resets normally use a message sent to your email account for verification, and a hacker with access to your email account can reset your passwords and lock you out while letting them in.

Why aren’t passwords enough to secure accounts?

Passwords aren’t enough to secure accounts because many companies get hacked, and their consumer databases, containing personal information from billions of users, have been published on the internet and sold to hackers.
