What is multi-factor authentication?
Multi-factor authentication – abbreviated as MFA, which also encompasses two-factor authentication (2FA) – is a security process that requires users to provide a secondary form of account validation in addition to your password to prove it is you who is attempting to log into a system or account to which you have access. This secondary form of validation may come through a “push” notification on a cellphone app, a text message, or a phone call.
MFA helps reduce the likelihood of an account being accessed through password cracking or phishing since there are two steps to obtaining access. Phishing is a technique for attempting to acquire sensitive data, such as bank account numbers, and usually happens through a fraudulent solicitation in email or on a website.
What’s an example of 2FA?
Say you use online banking. Your bank wants to verify it’s you trying to log in and not someone else who has access to your computer. You will be prompted to have a notification sent to an app on your cellphone where you provide proof that it’s you trying to log in to your account. The two factors you have provided are your log in information and a response to a notification where you accept or reject the request in an app.
Another example of a secondary factor could be that your bank gives you the option to receive a text, call, or email with a 6-digit pin that you then enter on your computer to verify your account.
Another example of 2FA is when you use an ATM machine: you both have to insert a card – a physical object you have – and enter a pin – something you know.
Where is MFA used?
- Online banking or investment sites may use MFA to protect your banking information.
- Online physician’s portals use MFA to protect your medical information from being viewed by someone else.
- Many colleges require students to prove who they are before granting them access to grades or their student account.
- Social media platforms, like Facebook, offer multi-factor authentication. This capability should be enabled, so that the likelihood of your account being compromised is greatly reduced.
Is MFA foolproof?
As with most security approaches, MFA is not foolproof. However, it remains one of the most effective tools to prevent unauthorized access. Multi-factor authentication should be enabled on any accounts where it is available.
What should I do next?
Protect yourself from fraud, phishing, and other scams by setting up multi-factor authentication for your accounts. Most company websites will have a webpage that describes how to set-up MFA for your account.
For additional Empowerline blogs with information and tips about protecting yourself against scams, check out: