Multi-Factor Authentication: What Is It and Do You Need It?
- Scott Tansowny
- Privacy & security
- August 31, 2023
You may have come across the term multi-factor authentication in the continued coverage of cyberattacks on individuals and businesses. Losing access to an important account, such as your email account or banking site, can be a terrible and costly experience, but possibly the easiest way to prevent this is to use multi-factor authentication.
So what is it?
In order to secure an account it needs to be locked until you authenticate that you are the owner of the account. This can be done in three main ways: something you know, something you have, and something you are. Something you know would be a password or answer to a security question; something you have would be an authenticator you have on your person such as an authentication app, your cell phone, or a hardware authentication device; and something you are would be something unique to you like your fingerprint or a scan of your retina.
Multi-factor authentication means requiring two or more of these to authenticate yourself, such as a password and an authentication app, or a password and a retina scan. A key point to remember is that to be protected by multi-factor authentication, two different methods must both be required. Being able to use one or the other, such as a PIN or a fingerprint to unlock your phone, does not count.
Why would I want multi-factor authentication?
Using only a password to authenticate yourself with an important account, such as an email account, business website, or banking account, leaves you open to possible hacks. If your password is reused on another site and that site gets compromised, hackers would have access to your password, making it easy to hack your account. Also, if your password is not a strong password (long and containing upper case letters, lower case letters, numbers, and symbols), it could be cracked if a hacker gains access to a company’s password database.
When your account is protected by multi-factor authentication, even if a hacker gains access to your password, without the second factor they would be unable to access your account. With this extra protection your online presence is considerably more secure.
So how do I set this up?
Many sites, such as banks and email providers, offer the option to set up multi-factor authentication in a variety of ways. Depending on the service, this may be found in different locations, but it should be somewhere in the security settings. The most common method uses a cell phone number: when you try to log in, you are texted a PIN that you have to enter along with your password. The one downside to this method is that a hacker could use social engineering to gain access to your phone number and get around the second factor.
Another, more secure, option is to use an authentication app on your phone that, when synced with your account, will provide you with a one-time PIN each time you try to unlock your account. This can be set up with many online accounts, and there are many good providers of authentication apps. Some of the apps include Microsoft Authenticator, Google Authenticator, and Authy.
A third option, the most secure option, is using a hardware authenticator. This is a small device that you carry with you (many attach to key chains) and plug into a computer or phone to authenticate yourself after entering your password. Two of these hardware options include Google’s Titan Security Key and Yubico’s YubiKey.
Whatever method you choose, using multi-factor authentication is one of the best ways to secure your online presence.