MFA – What Is It & Why Do You Need It?
03/12/2018
By Glen, IT Superhero
Securing Your Online Personal Accounts
With an ever-increasing number of services moving to the web, it is essential that your online accounts are properly secured. People use online services these days to store their entire personal lives, and it’s common for an account with a service such as Google to provide a single point of access to a large trove of information including e-mail, photos, documents and more.
It is no longer enough to use a single password to secure your online accounts. Passwords can become known to hackers if they break into networks and copy databases containing username and password information. Hackers can also trick users into providing these details by sending fake emails that request that they verify their username and password. These emails then direct them to a fake webpage under the control of the hacker.
So how can you ensure that your account is secure, even if your password becomes known?
Simple. It’s a technology called multi-factor authentication, or MFA, with two-factor authentication (2FA) being a subset of MFA. This means that there is a second piece of information required to access an account which is separate to the password. This second piece of information is often a verification code sent to a mobile device via a text message or an app that is in your possession at the time of login. Having this in place means that if a hacker gains access to an account password they will not be able to login to the account, as they will be unable to access the extra verification code. This is one of the most effective security controls you can implement to prevent unauthorised access to computers, applications and online services.
Many of the big web service providers allow you to enable multi-factor authentication to log into their services, and often encourage it. Microsoft and Google provide multi-factor authentication for all of their online services, and we recommend enabling it wherever possible.
Great – how do you get started?
Here are some links to the documentation for different services to guide you how to enable these on your own accounts:
Microsoft.com personal accounts used with Outlook.com, Onedrive, Microsoft Store and across Windows 8.1/10 PCs
https://support.microsoft.com/en-ca/help/12408/microsoft-account-how-to-use-two-step-verification
https://support.microsoft.com/en-ca/help/12408/microsoft-account-how-to-use-two-step-verification
Google Accounts used for Gmail, Google Photos, Google Docs and across Android devices
https://myaccount.google.com/security/signinoptions/two-step-verification/enroll-welcome
https://myaccount.google.com/security/signinoptions/two-step-verification/enroll-welcome
Apple ID used for iTunes, iCloud, Apple Music and across iOS devices
https://support.apple.com/en-au/HT204915
https://support.apple.com/en-au/HT204915
These are the most common accounts in use across online services but there are many more, including online account platforms like Xero and MYOB. Social media accounts like Facebook, Twitter and LinkedIn can also be secured using these methods.
It may be slightly more inconvenient to log in but it’s a small price to pay compared to having all of your private information stolen!