What is multi-factor authentication and why should you use it?
We hardly even notice when there are big data breaches anymore. Did you even know that Facebook and LinkedIn both had major data breaches in the past month? Okay, they are calling them a data leak, not a breach. Whatever you call them, users’ personal information was exposed or stolen from both social media platforms. These examples of lost data make the use of multi-factor authentication even more important.
Multi-factor authentication, or MFA, adds a second stage to the login process that increases security. Microsoft, for instance, states that enabling MFA for their Microsoft 365 account login stops over 99% of all attempted account hijacks. That level of increased security seems like a no-brainer for me, but some people are still reluctant to do it. The good news is that MFA is gaining popularity and now applications make it easier than ever to use.
What is 2FA and how does it work?
MFA may be called two-factor authentication or 2FA. Either term refers to adding another means of identifying oneself in addition to a password. This second piece of identifying information uses something you have in addition to something you know. For example, you know your password, but that can be stolen. MFA uses a unique code from an application or a text message sent to your phone to confirm your identity. This makes it much more secure than relying on only your password to secure your account.
Using an Authenticator App
Modern authenticator apps, like Google Authenticator or Microsoft Authenticator, make it easy to use MFA. These apps generate a new code every 30 seconds that is used to confirm your identity. You simply log in to whatever website or app you are accessing, then enter the code for that app when prompted. If a crook doesn’t have your phone when you log in, they will not know the unique code.
Setting up your authenticator app for specific logins is typically as easy as scanning a QR code. For instance, in Google Authenticator there is a plus sign in the corner of the app screen. Simply press that and scan the QR code for the site for which you want to add MFA. The QR code is usually available in the security settings area of a website. For example, on Facebook, click the down arrow button in the upper right corner of the screen. Select “Settings & Privacy” then “Settings.” From the Settings menu select “Security and Login” and look for the section for Multi-Factor Authentication. Click the button to turn on MFA and follow the prompts.
Do I have to use an authenticator app to use MFA?
There are other ways to set up MFA besides an authenticator app. Most sites will allow you to send a code via text message to your phone to confirm your identity. This works as well but is somewhat less secure than using an authentication app. Other methods will simply send a notice to your phone to confirm that it is you attempting to log in. Another method used is via email, but this is the least secure because if someone has access to your computer, they likely can get to your email. Any method is better than no MFA at all so choose whatever works best for you.
Should I still use a long, complex password if I use MFA?
I encourage the use of long passwords, but making them complex is less important now than in the past. Today, computer programs can systematically guess combinations of characters in a password millions of times a second. This is called a brute force attack and is not used often anymore. Today, millions of stolen passwords are available to purchase on the dark web. The passwords come from breaches of huge databases like Facebook, Google or LinkedIn, to name a few. Because of this, password length and complexity are less of a concern as long as MFA is in place.
Using a relatively long password is still a good idea, but it can still be something easy to remember. Keep in mind that computers are doing the guessing, not humans like those seen in movies from the 90s. Frankly, if you use a two-character password in combination with Multi-Factor Authentication, you’ll be more secure than with a super long password and no MFA.
Don’t fight it, implement Multi-Factor Authentication wherever you can.
You most likely have MFA set up on at least a few online accounts already. Many financial institutions and medical organizations require it to further secure your information. But many people don’t think of other accounts that could do serious harm if they were compromised. A crook taking over your business email could do tremendous damage by acting as you. They may redirect customer payments to their own account or just damage your reputation. Keep in mind that emails sent by someone who has hijacked your account still appear to be coming from you.
A social media account controlled by a hacker could also result in serious problems for you. Imagine a friend or business associate seeing an offensive social media post. Even if the post is removed, the damage is already done.
There are so many ways that cybercriminals can do harm and manipulate their victims. Adding the extra layer of security that multi-factor authentication provides makes it worth the extra moments it takes to get logged in.