Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
You should be taking an inventory of all of your ONLINE accounts and making sure that each account is setup with MFA!
How Does MFA Help? Passwords are cracked and leaked. MFA adds an additional layer of security beyond that of the typical security questions like “what’s your pet’s name” which can be easily guessed. MFA consists of at least 2 challenges… the first is something you know (AKA your password) and the second is something you have (like your cellphone phone) for which you can receive a TEXT message or have an authenticator application.
What happens if I don’t us MFA? Your online accounts are at greater risk of unauthorized access. An account for a fast-food APP is not too risky but what would happen if one of your Social Media accounts was compromised; there could be reputational damage.
Don’t Most Online Providers Require MFA? Unfortunately, they don’t all require MFA. Google accounts (Gmail and etc.) only made MFA a requirement in mid-2022.
What Kinds of MFA are Available? Glad you asked. The most standard is TEXT message to your cellphone. This is fine but cell phone attacks (SIM hacks) are on the rise. Many online solution providers are finding better security with Authenticator APPS like Duo, Microsoft Authenticator, Google Authenticator and more. Get ready because some organizations are fully transitioning to MFA via an Authenticator App.
What Does the CISA have to Say about MFA?
Multifactor Authentication | CISA
What Does NIST have to Say about MFA?
Back to basics: Multi-factor authentication (MFA) | NIST
What does Microsoft have to say about MFA?