Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) has been around a long time and provides an additional layer of security to your accounts.
It is a process of using something you know (password) with something you have (token) to provide secure access. Additionally, MFA can use something you are (a biometric, like fingerprints or retina scans) for added security.
Think of your ATM card as a token and your PIN as the password and you get a sense of MFA.
MFA requires a one-time initial setup and may have other requirements to reinitialize if the token needs to be replaced.
Using MFA increases security but does not guarantee it. Think of it as an additional deterrent like double locking a door with a deadbolt.
Never approve an MFA request that you did not initiate.
This 3-minute video (sorry if there is an ad) talks about two-factor authentication.
Visit TwoFactorAuth.org for a full list of sites that offer multi-factor authentication.
More information is available from the Cybersecurity & Infrastructure Security Agency at cisa.gov/MFA.
You should set up multi-factor authentication on as many accounts as you can. It is an extra step to access, but it provides a greater level of security. Some recommended accounts to secure with MFA are:
Bank and credit card accounts
Apple ID
Google Account (Gmail)
Microsoft Account
Cellular phone provider account
Some accounts use text or SMS messages for authentication. This can happen when you register a mobile phone number with your account.
Pros:
Easy to switch to a new device
Cons:
Relies on cellular service, which can be troublesome in areas of poor cellular coverage and during international travel
Susceptible to SIM swapping
Authenticator apps are software-based tokens for MFA that use your phone whenever you log in. While an authenticator app is not difficult to set up, moving it to a new phone can be challenging. You will need to know how to back up and restore the authenticator database to the new phone.
Authenticator apps can work with a push notification, allowing you to approve or deny the connection request; a secure passcode, a series of numbers that you type in; or by having you confirm
Pros:
Additional security specific to your device
Convenient access
Off-line access with one-time passcode (OTP)
More secure than SMS
Cons:
Difficult to move to a new device without access to the old one
You will need a free Microsoft account to use all of the features.
Uses a Google account.
Duo is an enterprise solution that would be offered by your organization.
If an app on your smartphone is not for you, there are several hardware alternatives for an MFA token. Most are USB (even USB-C) with some Bluetooth options.
Using a token adds to the security of computers, but tokens are not compatible with iPhones and are only compatible with some Android phones. These are primarily used in business environments.
Pros:
One of the more secure methods
Cons:
Not universally recognized or supported; inconsistent smartphone support
Must be set up on each device
Less convenient than an app