Multi-factor authentication (MFA) is a layered approach to securing
What is Multi-Factor Authentication?
It goes by many names: Two Factor Authentication, Multi-Factor Authentication, Two Step Authentication, MFA, 2FA. They all refer to using a combination of something we have, something we know, or something we are when confirming we are who we say we are online.
Your bank, your social media network, your school, your workplace… they want to make sure you’re the one accessing your information, and more importantly, they want to prevent unauthorized individuals from accessing your account and data.
So, they'll ask for something you know, like a PIN or a password, along with either:
- Something you have, like an authenticator application or a confirmation text on your phone, or
- Something you are, like a fingerprint or face scan.
Two steps are harder for a hacker to compromise. So, prove it’s you with two … two steps, that is.
Now that you know what it is, you’ll see prompts for multi-factor authentication all over. So whenever available - opt-in. Start with your email account, then financial services, then social media accounts, then online stores, and don’t forget your gaming and streaming entertainment services!
And if you don’t see a prompt for multi-factor authentication on one of these accounts, send a note to each company asking them to enable the feature. After all, it’s your security at stake!
How Do I Enable MFA?
Start by looking at the security settings on your most-used accounts. You may see options to
There are many ways you may be asked to provide a second form of authentication:
- Text Message (SMS) or Email: Every time you log in to an account, you'll be asked to provide a code sent to you by text message or email. Of note, this is actually the weakest form of MFA: the code can be read by anyone who has taken over your phone number or email inbox, and it can be typed into a phishing page just like a password. Use it only if none of the other options is available.
- Authenticator App: An authenticator app is an app that generates MFA login codes on your phone from a secret shared with the service when you enrolled. When prompted for your MFA code, you launch the app and read the applicable number. These codes typically expire every 30 or 60 seconds.
- Push notification: Instead of using a numeric code, the service "pushes" a request to your phone to ask if it should let you in. You see a pop-up and can confirm the login request, or deny it if you were not initiating the authentication request. Only approve prompts for logins you just started yourself.
- FIDO Key: FIDO stands for "Fast IDentity Online" and is considered the gold standard of multi-factor authentication. The FIDO protocol is built into all major browsers and phones. It can use biometric authentication mechanisms, like facial recognition or a fingerprint, to unlock the authenticator, and is built on a foundation of strong cryptography. Often it uses a physical device, a key, that holds a private cryptographic key which never leaves the device and signs a challenge tied to the real website, so a look-alike phishing site cannot reuse the response. More information on FIDO keys is available from the FIDO Alliance.
Why Should Your Organization Enable MFA?
Implementing MFA makes it more difficult for a threat actor to gain access to information systems, such as remote access technology, email, and billing systems, even if passwords are compromised through phishing attacks or other means.
Adversaries are increasingly capable of guessing or harvesting passwords to gain illicit access. Password cracking techniques are becoming more sophisticated and high-powered computing is increasingly affordable. In addition, adversaries harvest credentials through phishing emails or by identifying passwords reused from other systems. MFA adds a strong protection against account takeover by greatly increasing the level of difficulty for adversaries.
Are you an organization that needs help getting started implementing MFA? Here’s a
Additional Resources for Consumers
Multi-Factor Authentication Fact Sheet
4 Things You Can Do to Stay Cyber Safe
Additional Resources for Organizations
Capacity Enhancement Guide for Organizations: Implementing Strong Authentication
Multi-Factor Authentication (MFA) - Glossary from NIST