Why you need Multi-Factor Authentication to keep your data and accounts secure

Strong passwords plus multi-factor authentication build instant CyberSecurity street credibility.  Your accounts and data become more secure because it’s harder for malicious attackers to get ahold of two methods of verifying your identity, rather than just one. In this article, we will explain MFA methods and why it’s worth using MFA on all your accounts.

What is Multi-Factor Authentication?

MFA provides an extra layer of protection to prevent your credentials from being compromised by using something you know (your password) plus something you have (your mobile device, an authenticator app, hardware token) in order to secure your account. The more layers of authentication you have, the more security you have because you’re less vulnerable to password-cracking attacks.

How is Multi-Factor Authentication different from two-factor authentication?

Let’s keep it simple: the former means that there are only two ways to confirm you are who you say you are (e.g. enter a password and a text). The latter means that there are more than two ways to confirm you are who you say you are (e.g. enter a password and text and hardware token or biometric scan).

Weak vs. strong types of MFA

Yes, there are weak forms of MFA. The National Institute of Standards and Technology (NIST) says this: SMS is the weakest type of MFA, so only use it as a last resort when no other MFA option is available. In order of weakest to strongest form of MFA: SMS, phone call, e-mail, authenticator app (like Google authenticator), hardware token (like YubiKey), lastly biometric (face or fingerprint).

The strongest types of multi-factor authentication are biometrics, hardware tokens or authenticator apps.

 Yes, MFA is worth the effort!

With recent data breaches such as Marriott Hotels, Facebook, and Under Armour, malicious attackers took the information from these breaches then utilized people’s re-used passwords to get into other user accounts (e.g. banking, social media, e-mail). The extra few moments it takes to enable MFA is always worth the lost data; plus, with MFA enabled, that extra CyberSecurity layer would have made it much harder for an attacker to gain account access.

With all of the news about corporate data breaches and hackers it can be daunting to try to protect your online accounts. However, something as simple as adding MFA to all your accounts is one easy thing you can do to ensure your accounts are as secure as possible and less prone to being compromised by an attacker.