….and why is it important for me?
Put simply, multi-factor authentication (MFA) adds a simple step for you to take when logging in, but makes it very difficult for a hacker to get into your account. In most cases it requires a secret code to be entered after you’ve put your username and password in. Your username is often easy to guess, or at the very least, not very well protected.
Usernames are often email addresses, which are by definition well known to others. Passwords alone can be easily guessed in many cases. A thief will find it quite difficult to guess a secret code though, even if they manage to crack your password. The code will expire quite quickly, meaning they won’t have a lot of time to guess it.
Multi-factor authentication can take many forms. Here are a few of them:
- When you log in, you get a text message or email with a secret code for you to enter.
- When you log in, you consult an authentication app on your phone for a secret code to enter.
- Adding a biometric requirement such as fingerprint or facial recognition.
- Adding a physical card or device such as RFID or barcode.
Essentially it boils down to something you know, and something you have. You know your username/password and you have a secret code, biometric or card in your possession.
The simplest method for implementing MFA (sometimes called two-factor authentication or 2FA) is to require a secret code only when you log in to a new device. Anyone trying to get into your account needs to know your username and password and have in their possession either the physical device, or a means of getting the secret code. This will stop most hackers immediately, as they have no means of getting your secret code remotely.
- Wherever possible, implement MFA on any accounts that are important to you, including banking, social media accounts and email.
- Don’t write down passwords on devices or in notebooks near your devices. If you must write them down, lock them away.
- Use a password manager app to secure all your passwords. We recommend RoboForm.
- Don’t access your accounts from public devices, unless you know how to properly protect yourself by erasing your credentials after you finish.
- Use hard-to-guess passwords. Don’t make it too easy for the criminals.