Multi-Factor Authentication: Preventing account hacks

Making MFA easy to understand.

Two men in ski masks are running towards a solid metal door.

As they get to the door, they see a pin pad on the right side. They enter the pin number. Then see a message, “Line your face up in front of the camera.”

In anger, they run away because they didn’t have what they needed to get in.

You’ve seen this story hundreds of times on TV, but this same type of tech is available on your devices.

This is MFA (Multi-Factor authentication).

MFA (Multi-Factor authentication) is the most critical security measure you can take.

Over the past few weeks, we’ve dug deep into how you’re a security risk to your company and software bugs. It’s important to know how to decrease the risk. A password by itself won’t circumvent a hack.

Here’s what to know to start using MFA with all your passwords.

What is MFA and why is it important?

Multi-factor authentication is the 2nd level to a password.

A password is something you know. MFA adds something you have. This could be an extra code, a picture, a notification, or something physically in your presence.

This is important because a hacker wouldn’t have access to this extra step. When the hacker attempts to log in to your account, the asks for a second form of identification. This is why the second form is something you have.

What are some types of Multi-Factor authentication I know?

MFA is most common on phones, tablets, and notebook computers (laptops).

You know it as FaceID on your Apple devices, a fingerprint reader on your computer, phone, or tablet, and Windows Hello on Windows computers. Also, it’s the SMS (text messages) or email verification codes you get from some websites to get access.

It has become a common feature on many websites such as Instagram, Twitter, and bank sites. You might already use the SMS option. I recommend you upgrade to an app-based authentication instead.

Setting up Multi-Factor Authentication

Each device or website will have a different method.

I am going to help you with websites offering 2FA (2-factor authentication). This is the most common place I see people not using MFA. It’s important to start using it ASAP.

You can find the option in the settings. It will call it 2FA. For websites using 2FA, you’ll need an authentication app to generate the code. Microsoft and Google both make good 2FA apps. They’re both called Authenticator (original right).

Here’s a video showing how it works Microsoft this will give you an idea of how the next steps should look.

1. Get your app choice on your phone.

2. Go to a website you want to set up 2FA on. Go to the settings and find the 2-Factor Authentication option and turn it on.

3. You‘ll receive a prompt to scan a QR code.

   1. If you’re on a desktop computer, open the authentication app on your phone.

      1. Scan the QR code from the authentication app

      2. If you’re on the phone with the app, choose the option to get a code.

   2. Choose the option I have a code in the authentication app

   3. Put the code in

4. Now the authentication app should be cycling a new code every 60 seconds.

5. Go back to the site where you left off it will ask for the code the authentication app is giving you and enter the code.

Now when you log in to this website it will ask for the code. You will need to get the code from the authentication app.

NOTE: Some websites only use SMS or email-based 2FA. This is better than nothing and should be used if there is no other option.

Multi-factor authentication is an important tool to help secure your accounts. It is something you need to start using ASAP.