What is Multi-factor authentication (MFA) and Do I Need It?
Multi-factor authentication (MFA) is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.
From keeping important emails safe to securing your online banking, this process could save you from a serious security breach.
But what is Multi-factor authentication, and how does it work?
‘Double Checking’ who you are
Multi-factor authentication provides an extra layer of security to ‘double-check’ that you are the person you claim to be.
It is a service that adds a second layer to passwords when signing in to online services.
The service will ask you to provide a ‘second factor’ when setting up Multi-factor authentication. This tends to be something that only you can access.
Normally this is sent as a code sent to your mobile phone or a dedicated app that provides a generated code.
So why should I bother?
Implementing Multi-factor authentication makes it more difficult for a threat actor to gain access to business premises and information systems, such as remote access technology, email, and billing systems, even if passwords or PINs are compromised through phishing attacks or other means.
Hackers are becoming more and more sophisticated with how they implement attacks. Password cracking techniques are becoming more advanced and high-powered computing is increasingly affordable.
Multi-factor authentication significantly increases security with a second layer of protection against attacks.
How do I set Multi-factor authentication up?
Some online services have Multi-factor authentication switched on automatically, however, some will need to switch on yourself.
If available, the option to switch Multi factor authentication on is usually found in your account’s security settings (it could be called two-step verification).
How does it work?
When Multi factor authentication authentication is switched, you must provide a ‘second factor’ to access your account.
There are several types available and include:
- Text message: The most popular method is through your mobile phone. The service would normally send a text containing a code by providing your mobile number. This code is then inputted to provide an extra layer of security. Some services occasionally use a voice message if you find this easier.
- Authenticator Apps: Google (Authenticator) and Microsoft (Authenticator) provide mobile phone apps that add extra security. Installing one of these on your phone acts as another security layer. These apps offer many advantages over text messages, such as not needing a mobile signal or waiting for a text message to arrive.
But Multi-factor authentication isn’t available. What should I do?
Multi factor authentication isn’t always available. The National Cyber Security Centre wants it to be available on all services that might hold your data or spend money.
As a general rule, for any service that doesn’t support Multi-factor authentication, a strong, unique password is required.
Using random letters, numbers and symbols to create these passwords make it harder for a cybercriminal to break.
You may even want to consider switching to a like-for-like service that does offer Multi factor authentication.
If you require stronger protection than two-factor authentication, why not use it as part of a larger IT security package?