Multi-Factor Authentication (MFA) is an important security measure because it requires an additional form of authentication before a user can access an account, service or app. Microsoft found that MFA can block over 99.9% of account compromise attacks, making it one of the most important cybersecurity measures you can implement to protect your accounts.
Continue reading to learn what MFA is, why it’s important and different ways you can enable MFA on your accounts.
What is multi-factor authentication?
MFA is an authentication method that allows you to access an account, service or app only after you’ve provided at least one additional authentication factor to verify your identity. Instead of relying solely on your username and password to protect your account, you can enable MFA to ensure no one else can access your account, even if your username and password become compromised. Once you’ve enabled MFA on any of your accounts and selected the type of MFA that works best for you, your account will be better protected from cybercriminals attempting to crack your password because they will not have your additional authentication factor.
Why it’s important to use multi-factor authentication
It’s important to use MFA because it adds an extra layer of security to your accounts, prevents your accounts from being compromised via data breaches and notifies you of suspicious login attempts.
MFA adds extra layers of security to accounts
Since enabling MFA prohibits anyone from accessing your account without at least one additional way to verify your identity, MFA adds an extra layer of security to any account you enable it on. Even if a cybercriminal guesses your password correctly and tries to log in to your account, MFA will stop anyone from gaining access to your private information.
MFA prevents account compromise from data breaches
If a company you have an account with suffers a data breach, your account’s login credentials may be compromised and could potentially fall into a cybercriminal’s hands. However, by enabling MFA, you can prevent your account from being compromised even in the event of a data breach because a cybercriminal who has only your password won’t be able to authenticate as you.
MFA alerts you to suspicious login attempts
Depending on the MFA method you have enabled on your accounts, some MFA options can notify you if suspicious login attempts have been made. For example, if you have SMS text messages enabled as a form of MFA, you will receive those messages only after your username and password have been correctly entered. If you didn’t try to log in to your account and still receive a text message code, this is a sign that someone else has used your username and password to try to gain access to your account.
What options do I have for MFA?
There are several types of MFA, and some accounts or websites limit which kinds of MFA you can use. Here are some examples of popular MFA methods you can enable on your accounts.
Time-Based One-Time Passwords (TOTPs)
Time-Based One-Time Passwords (TOTPs) are typically six-digit codes that are only valid for under one minute. You can download an authenticator app to store and access these TOTP codes. Once you’ve entered your password for an account to log in, you will be prompted to enter the limited-time TOTP code to verify your identity. Because these codes are only available for a short period and are unlikely to be intercepted, this form of MFA is very secure.
SMS-based authentication
SMS text message tokens require you to enter your phone number when creating an account. You will receive a code sent as a text message to your phone, which you can then use to log in to your account. This method of MFA is one of the least secure because someone can intercept your text messages through SIM swapping, or your phone could become lost or stolen.
Email-based authentication
Similar to SMS-based authentication, email-based authentication sends a One-Time Password (OTP) to your email to verify your identity when logging in to an account. After entering your username and password for an account, you will be sent an email with a code that you must enter to gain access to your account. Since your email account could potentially be hacked and email messages may be intercepted, this form of MFA is not very secure.
Security keys
Hardware security keys are physical tokens that you must keep in a safe location to ensure they don’t get lost or stolen. After you log in to your account, you will use the security key by inserting it into or tapping it on your device to validate your identity. Since a cybercriminal cannot steal this key online, the only way this MFA method would fail is if the security key is lost or stolen.
Security questions
Security questions are used both digitally and verbally to confirm your identity, so it’s important to choose a question that nobody can find the answer to online. For example, if you select a security question with your bank like, “What is your dog’s name?” someone may be able to find that information if you’ve posted pictures of your dog on social media.
Biometrics
Biometric authentication uses your unique physical characteristics, such as your fingerprint or facial features, to validate your identity. To set up biometrics as an MFA method, you have to scan your fingerprint or face with your device. Since everyone has a unique fingerprint and distinguishable facial features, this method of MFA is very secure, especially for logging in to accounts with sensitive data.
Keep your accounts safe with strong passwords and MFA
You can protect your accounts by using strong passwords and enabling MFA. Make sure each of your accounts has a unique password containing at least 16 characters and a combination of uppercase and lowercase letters, numbers and symbols.
Once you’ve updated your passwords to stronger ones and set up MFA on accounts that support it, you should store your passwords and MFA methods in a password manager like Keeper®. Keeper Password Manager can store passwords and 2FA codes, eliminating the hassle of going back and forth between apps to unlock your account.
Start your free 30-day trial of Keeper Password Manager to simplify your login process and protect your accounts.