All You Need to Know About Multifactor Authentication
In our digital world, passwords are as much a part of our lives as Netflix and Amazon. Keeping information stored in dozens of accounts across the web can make it easier to stay on top of your finances, order a new pair of jeans or even schedule a dentist appointment. Unfortunately, though, passwords can be relatively easy for scammers to hack, opening the door for identity theft, credit card fraud and more.
Here’s where multifactor authentication (MFA) comes into play. As a means of securing your information, MFA provides an extra layer of protection for your accounts and sensitive data.
Here’s all you need to know about MFA, how it works and why it’s an important step in protecting your information.
How multifactor authentication works
Multifactor authentication utilizes two or more factors to allow the user to sign into an account. Generally, these will consist of something the user knows, like a password or PIN, along with one or both of the following:
- Something the user has. This can include a phone, key fob or smartcard.
- Something the user is. This can include an iris or fingerprint scan, or voice or facial recognition.
Accounts that use MFA will not allow the user to sign into their account unless both factors are verified.
Why multifactor authentication is crucial for protecting sensitive information
While passwords can provide some protection against hackers, they’ve proven to be an abysmally weak barrier against hackers. A recent study(link is external) by Digital Shadows, a digital risk protection company, found evidence of approximately 15 billion passwords and logins floating around the darkweb as a result of 100,000 data breaches. These passwords are up for sale to other cybercriminals, potentially providing them with access to the victims’ financial accounts, credit card information, Social Security data and more.
In addition to opening up the door to sensitive information, a single password can give the hacker entry into a victim’s private life. For example, by hacking into a victim’s Google password, the cybercriminal now has access to their email history, which can include important correspondence and other information; calendar, which can provide a complete picture of the victim’s upcoming events and meetings; YouTube account, which unlocks the victim’s viewing history and uploads, and any other apps that allow users to sign in with a Google account, such as Asana and Mint.
Unfortunately, passwords can be cracked by amateur hackers, even without a data breach. Many consumers make it even easier for hackers to break into their accounts by using weak, ineffective passwords that are simple to guess, and by using the same password across multiple accounts. For these reasons, using MFA when available — especially for accounts that store highly sensitive information — is crucial for ongoing security and protection. This way, in the event of a data breach or hack providing a criminal with your password or login credentials, your information will still be protected. Without access to your account’s second factor for authentication, the hacker has no way to gain entry into your account.
Where you may encounter MFA
In general, the more sensitive the data an account stores, the stronger security measures the company hosting or providing the account will use. Consequently, you’re most likely to encounter MFA on banking apps and accounts, money management apps, investment apps and the like. Depending on your line of work, you may also need to use MFA to sign into your personal workplace account. Finally, some retailers may offer clients the option of using MFA to sign into their accounts.
Under each of these and similar circumstances, using MFA means a login time that’s a bit longer and more complicated than just inputting a password or PIN. However, measuring this inconvenience against the time, stress and money it will take to recover from a potential data breach makes it more than worth the extra few minutes.