Everything you need to know about multi-factor authentication

Usernames and passwords are a hacker’s favorite target because one set can expose all of a business's data. Once inside, hackers can hijack your identity, lock you out of your account, and empty your bank accounts.

And they don’t even have to wear a ski mask to do it.

The easiest way to prevent anyone from stealing your account information is with multi-factor authentication (MFA).

What is MFA?

Multi-factor authentication is a security system that requires you to verify your identity by providing a combination of the following:

  1. Something you know – This could be a password or PIN code you set.
  2. Something you have – This involves temporary codes that are sent directly to devices only you have access to, such as a mobile phone or a USB authenticator.
  3. Something you are – This includes biometrics such as fingerprint scans and face or voice recognition.

Online payment services like PayPal, for example, ask for your password (the first authentication factor) and a temporary verification code delivered via SMS (the second authentication factor) to log in.

Why enable MFA?

Passwords aren’t foolproof. Cybercriminals have advanced brute-force programs that can guess millions of password combinations in a second, but they often don’t even have to resort to such high-tech methods. They can trick you into giving away your password with phishing scams, or simply guess it if you’re one of the billions of people who set one generic access code across all their accounts.

Answers to password reset questions, such as your mother’s maiden name or the city you grew up in, are also easy to obtain, especially since most of that information can be found on social media.

MFA makes it so that if a hacker manages to get hold of your password, they’ll be unable to break into your account unless they have access to the secondary authentication method.

“No, no, I swear I have a totally normal reason to ask for your mother's maiden name and a scan of your finger.”

The added security is also vital if you operate within a highly regulated industry like healthcare or financial services. While industry regulations like HIPAA or PCI-DSS don’t explicitly state that you need MFA, it’s tough to ensure the confidentiality and integrity of your most sensitive data without it. Failure to guard this information properly also results in fines, lawsuits, and damaged company reputation, so it can’t hurt to add another layer of security.

Which accounts need MFA?

In general, any account that contains confidential information must have MFA enabled. This includes online banking, eCommerce, email services, social media, and other cloud storage services.

Most of the popular online services you’re subscribed to should already have advanced security options built in, but you can also use the Google Authenticator app to add MFA security to any of your accounts.

MFA isn’t sufficient by itself

Don’t forget that MFA isn’t a substitute for passwords; rather, it should complement them. For maximum protection, set long, unique, and hard-to-guess passwords across all your accounts. And if you have difficulty keeping track of all of them, use password managers like LastPass.

MFA paired with password best practices dramatically reduces the chances of an attack, and our security experts at Red Key Solutions can help you with both. Call us today to protect your accounts.