What is Multi-Factor Authentication?
Most weeks I see posts on social media from other people, claiming their accounts have been hacked. More than often, it’s not so much a “hack” but more likely, their credentials have been stolen or guessed.
Hacking is often the least of their problems.
So, assuming it’s someone that I know, I ask them if they’ve changed their password yet. They usually have. I ask them for their email address and do a quick check to see if it’s coming up in any known breaches.
Then I ask them if they’ve enabled MFA (Multi-factor Authentication) on their account. The almost-inevitible answer is “Whuh? What is that?”.
Multi-factor authentication puts another, dynamically changing password (or numeric code in most cases) between the individual’s password being entered and eventual access to a service being granted.
This additional pass-code comes often via SMS/Text Message or from an Authenticator application such as Google Authenticator, Microsoft Authenticator or Authy.
These codes change for each use and mean that even if a would-be attacker manages to obtain your email address and password, they’d still need access to your device to gain access to your account.
Now, ideally, you would protect as many accounts as possible with MFA, but this won’t always be available or be practical. So, at the very least, ensure that your critical and most important accounts are protected. These usually include Email, Social Media, on-line Storage such as Dropbox, Box and OneDrive and of course, anything financially related such as online shopping, PayPal and so on.
Whatever service you’re using, the settings for Multi-Factor Authentication (also known as Two-Factor Authentication or 2FA), can usually be found under the settings for your profile, under the heading of “Security”.
If you’re using a service which does not offer MFA / 2FA, perhaps it’s time to move to one that does.
Handy Links
I’ve compiled a short list of links to help you enable MFA for some of the most commonly used services. Most of you are on Lockdown due to Covid-19, so boredom may well be kicking in now. What better time to start securing your accounts than now?
Google Accounts (including Gmail)
https://support.google.com/accounts/answer/185839?co=GENIE.Platform%3DDesktop&hl=en
Microsoft (Including Hotmail)
https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
https://help.twitter.com/en/managing-your-account/two-factor-authentication
https://www.linkedin.com/help/linkedin/answer/544/turn-two-step-verification-on-and-off?lang=en
Apple Account
https://support.apple.com/en-gb/HT204915
Amazon
https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=202073820
PayPal
https://authy.com/guides/paypal/
eBay
https://nakedsecurity.sophos.com/2018/05/31/how-to-set-up-2fa-on-ebay-go-do-it-now/