Understanding Multifactor Authentication (MFA): A Simple Guide

By Erich Kron, Security Awareness Advocate at KnowBe4

In today’s digital world, passwords alone are not enough to keep our online accounts safe. Cybercriminals are constantly finding ways to steal login credentials, whether through phishing scams, data breaches or malware. This is where multifactor authentication (MFA) comes in.

MFA is a security feature that adds an extra layer of protection beyond just a password. Even if a hacker gets hold of your password, MFA makes it much harder for them to access your account. That doesn’t mean you’re off the hook when it comes to using strong passwords, but it can make the difference between an account being hacked and not.

What Is Multifactor Authentication?

MFA requires users to provide two or more forms of verification, called factors, before they can log in.

These verifications usually fall into three categories:

  • Something you know – A password, PIN or security question answer.
  • Something you have – A phone, security key or authentication app.
  • Something you are – A fingerprint, facial recognition or voice ID.

For example, when you log into your online banking account, you might enter your password (something you know) and then receive a one-time code on your phone (something you have). Only after entering both can you access your account.

Why Is MFA Important?

  • Prevents unauthorized access – Even if a hacker steals your password, they still need the second verification factor to get in. There are some ways around that, but it makes it much tougher on them.
  • Protects against phishing attacks – Many phishing scams trick people into revealing their passwords, but MFA acts as a safety net. Just like any safety net though, it’s not meant as a primary defense.
  • Safeguards sensitive data – MFA is widely used in banking, health care and other industries to protect personal and financial information.

Common Types of MFA

  • SMS or email codes – A temporary code is sent to your phone or email. This is considered the least secure but is better than nothing at all.
  • Authenticator apps – Apps like Google Authenticator or Microsoft Authenticator generate security codes that change at regular intervals. Since we all tend to carry our phones with us at all times, this is often chosen as the best mix of security and convenience.
  • Biometric authentication – Fingerprint scans or facial recognition on your smartphone.
  • Hardware security keys – Physical devices like YubiKey that must be plugged into your computer. These are very secure; however, they can be inconvenient when you need to access an account but don’t have the key with you.

How to Enable MFA

Most online services, including Gmail, Facebook and banking apps, offer MFA. You can usually find the option in the security settings of your account. Choose your preferred method and follow the instructions to set it up. At times you may see it called two-step authentication. There is a technical difference between that and MFA; however, for practical purposes it does the same thing.

Conclusion

Multifactor authentication is a simple yet powerful way to protect your online accounts. It does not replace a strong password and it is not unbeatable; however, while it may seem like just an extra step, it significantly reduces the risk of account hacking and identity theft. Enabling MFA is one of the easiest things you can do to keep your digital life secure.

Erich Kron is a Security Awareness Advocate at KnowBe4. He is a veteran information security professional with over 25 years’ experience in the medical, aerospace manufacturing and defense fields, author, and regular contributor to cybersecurity industry publications. He is the former security manager for the US Army’s 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and many other certifications.
