Lately, it seems like hackers have the run of things. Every day we hear something about cyber security: “state actors”, cryptocurrency thefts, or websites releasing personal information. It sometimes seems like these hackers have magic on their side. They don’t. We don’t. But there is something that can help protect your accounts. Use multi-factor authentication (MFA).
Multi-factor authentication (or two-factor authentication, abbreviated as 2FA) is a step you take to secure your online accounts more tightly. With MFA, you use both a password and a second, separate method to access your accounts (hence the “two” in 2FA). It isn’t a cure-all, but it will make you a harder target.
Passwords are a problem
Almost all accounts use a password (password, passphrase, or PIN). Passwords are your base; something to build upon. But, by themselves, they can be cracked, guessed, or even stolen. We can make them too simple (easy for the hacker) or too hard (too tough for us), and they are a single point of failure (when a hacker gets your password, they have the keys to the kingdom). Unfortunately, hackers are developing faster and better techniques for guessing, compromising, or bypassing passwords, so this method will only get weaker with time. So now is the time for multi-factor authentication.
Multi-factor authentication draws on something you know, something you have, and something you are to authenticate who you are. It requires two of the three things to authenticate. This means that if either one of the two is compromised, a hacker must still break the second method of authentication to gain access to your account. Think of it this way: to access your bank account via ATM, you need to have your debit card and your PIN. If somebody gets your card, they don’t have your PIN, and vice versa.
In most cases, you will use a password (something you know) and your phone (something you have) in the authentication process. Your phone, which has a unique cellular number, may receive a unique code via SMS for you to enter, have an authenticator application installed (like Google or Microsoft Authenticator), or allow for a biometric reading (like your fingerprint, which you may use to access your phone already). You can use something other than your phone, but the phone seems to be the most common choice for the everyday user.
Using multi-factor authentication
You will set up multi-factor authentication for each account individually. You may set up more than one method to use with an account, and each account may use a separate set of authentication methods. The mobile app is usually considered the most secure, but it is tied to your phone, so if you lose the phone, you’ll have to go through the setup again with a new one. SMS (text message) is easier and tied to your phone number, but if hackers can intercept your SMS messages or port your number, they may have access to your account.
There are other solutions: USB keys that must be inserted into your computer, a key fob which supplies a unique code without having network access, or various others. But they all have their own pluses and minuses, the biggest minus being that most accounts don’t support them and most users don’t have them.
After setup (which your account provider should help you with), you are done. You only need to do this once, unless your phone/number changes. From then on, two methods of authentication will be needed to access that account. This means IF a hacker gets your password, they still will not have access to your account without also getting your phone/number.
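To make the “password plus phone” check concrete, here is an added example (not from the original article or any provider's code) of a login that requires both factors, assuming the authenticator app produces standard time-based codes (TOTP, RFC 6238). The names `login` and `ACCOUNT`, the PBKDF2 password hashing, and the sample values are assumptions made for illustration.

```python
import hashlib, hmac, struct, time

STEP, DIGITS = 30, 6   # RFC 6238 defaults: a new 6-digit code every 30 seconds

def totp(secret: bytes, at: float) -> str:
    """Code an authenticator app shows at Unix time `at` (HMAC-SHA1 TOTP)."""
    counter = struct.pack(">Q", max(int(at), 0) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(account: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when BOTH factors check out."""
    knows = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])          # something you know
    # Accept the current step and one either side to tolerate clock drift.
    has = any(hmac.compare_digest(totp(account["totp_secret"], now + d * STEP).encode(),
                                  code.encode())
              for d in (-1, 0, 1))                            # something you have
    return knows and has

# Constructed sample account; the secret is the public RFC 6238 test secret.
SALT = b"constructed-salt"
PASSWORD = "correct horse battery staple"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password(PASSWORD, SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    now = time.time()
    phone_code = totp(ACCOUNT["totp_secret"], now)
    print("password + current code:", login(ACCOUNT, PASSWORD, phone_code, now))
    print("stolen password, no phone:", login(ACCOUNT, PASSWORD, "000000", now))
```

The shared secret is stored on the phone during setup, which is why a lost phone means enrolling again, and why a code captured earlier stops working once its time window has passed.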
Normally, multi-factor authentication is not enabled by default; you’ll have to do it for each account. It is recommended that you do this for your financial, personal email, and other highly important accounts. Although it seems like more “technical” work, your providers will make it as easy as possible to set up, and you only need to set it up once.