Multi-Factor Authentication (MFA)

Multi-factor authentication, also known as MFA, is one of the most important security elements you can utilise.  Using MFA and different passwords for each account are two ways to make yourself much more difficult to hack.  This article will look at what MFA is, why it’s important and how to configure it.

MFA is built on three kinds of factor:

  1. Something you know – such as a password or answers to personal security questions
  2. Something you have – such as a mobile phone or security tag device that is unique to you
  3. Something you are – such as a fingerprint, voice scan or facial recognition

A combination of some or all of these is what makes MFA work and makes it much more secure than a password on its own.

Most people already use MFA to some extent in everyday life, and maybe don’t even know it:

– The SMS message you get when you make an online banking payment to someone new
– The fingerprint scanner or facial recognition on your phone
– Being asked to answer personal security questions

These are all examples of MFA that are commonly used every day, and people use them quite comfortably without thinking about it.  I say this because the acronym or the term can confuse some people.  However, as noted, most people are already using it without even thinking about it.

Rule #1 of technology – don’t let the terminology confuse you or stop you from getting an understanding of what’s going on.

MFA is important because it is much more secure than a password on its own.  A password can be hacked with a brute force attack (trying different passwords until the right one is found) or by other means, and it is especially weak if you use the same password across multiple accounts, as we have discussed in previous articles.  Many people also tend to use short, uncomplicated passwords based on something personal that is easy to find out.  This is what a lot of friendly surveys on Facebook are doing when they ask you what your favourite colour is or your first pet’s name.  These questions are often personal security questions, and people unwittingly hand over this information and then seem confused when they get hacked a month later.  In this day and age, using passwords alone is not secure enough.  That’s where MFA comes in.

Most common applications now support MFA, and some organisations such as Xero and Google are now starting to mandate that people configure it.  Banking has done it for years, so I won’t mention them here.  MFA typically relies on sending a PIN code or email to your mobile device that you then enter, but it can also include an automated phone call to a specific number or a notification on an app such as Authenticator (Google and Microsoft have one by that name).  There is nothing complicated about it in most instances.

Configuring MFA is usually straightforward for most applications, especially the common ones.  It’s typically a few steps to provide additional information such as your mobile number or using your mobile to scan a QR code.  From there the additional method is verified and you are up and running.

If anyone would like to discuss the setup of MFA for a particular application, please let me know and we can write a How-To article for it.  Most sites have good online help for setting up MFA as well.

MFA is something everyone should be setting up, at a minimum for their critical data such as online file storage, email (think about what you have stored in there) and critical accounts that contain personal information.  Ideally, it should be across all your accounts, but it’s unlikely they’re all compatible, so I recommend it should be across all accounts that support it.

Couple MFA with complicated passwords like ^'”p_/$#xLYyLL9[CZ!c instead of BlueK1ttenColl@r and your security stance will improve dramatically.  Of course, nothing is ever guaranteed, but the harder you make it, the more likely a hacker is to move on to an easier target.

For more information please contact me at enquiries@roadmapit.com.au
