
Back to Basics: What’s multi-factor authentication – and why should I care?

By Tom Lambotte | March 16, 2022

There’s the old-fashioned, insecure approach to logging in to your bank account, and to most of your other online accounts: entering nothing more than a username and password.

You’re in.

You can carry on with what you were doing.

Not so fast!

If you use five or fewer passwords for all of your accounts, you may create a “domino effect” that allows hackers to take down numerous accounts simply by cracking one password.

There’s a quick and straightforward way to safeguard your accounts (which hold a lot of personal information): multi-factor authentication (MFA).

What exactly is MFA?

MFA is straightforward, and law firms are paying greater attention than ever to providing a pleasant user experience.

You’ve undoubtedly already used MFA in some capacity. For example, if you swiped your bank card at an ATM and then entered your PIN (personal ID number), you’ve used MFA. You’ve also used MFA if you logged in to a website that sent a numerical code to your phone, which you then entered to access your account.

Multi-factor authentication (MFA), sometimes known as two-factor authentication or 2FA, is a security feature that allows you to provide two forms of verification – your credentials – when logging into an account.

You have three options for proving your identity: something you know (such as a password or PIN), something you have (such as a smart card), and something you are (like your fingerprint). Your credentials must come from two different categories to enhance security, so using the same password for multiple accounts would not be considered multi-factor authentication.

Consider the following scenario: logging into your bank account. If you’ve enabled MFA or your bank has done so for you, things will play out a little differently. First and foremost, you’ll type in your login name and password. Then, as a second verification method, you may utilize an authenticator app that generates a one-time code that must be entered on the following screen. You’re in – that’s all there is to it!

In most situations, it’s even simpler.

Most MFA technologies will remember a device. So, if you return using the same phone or computer, the site will recognize your device as a second factor. Between device identification and analytics, banks are usually doing things like checking to see whether you’re signing in 20 minutes later from halfway around the world. Most of the time, only those who are attempting to break into your account have to do any extra work.

What’s the big deal? MFA adds a second layer of security by making it more difficult for hackers to impersonate you and gain access to your account. Because they’d need to steal both your password and your phone, thieves would be unable to log in as if they were you. You’d immediately notice if your smartphone were stolen; therefore, you’d report it before a criminal could use it to log in to your account. Secondly, your phone should be locked down, requiring a PIN or fingerprint to open it, making it even less helpful if someone wants to use your MFA credentials.

According to a recent Google poll, 2FA is one of the top three things security experts do to protect their online security. Additionally, TeleSign found that almost nine in ten (89%) consumers feel that using 2FA makes their online information more secure. And who wouldn’t want to feel more secure these days?

When should I use MFA?

It’s impossible to eradicate all internet crime, but taking simple precautions can significantly lower your risk of becoming a victim. You should use MFA whenever possible, especially for your most sensitive data, such as your primary email address and financial accounts.

While many businesses demand that you use MFA, many others provide it as an optional setting, and you must take the step to enable it yourself. I believe strongly that 2FA should be required on all email accounts at a minimum.

Furthermore, if a company you deal with frequently, such as your health organization, wishes to give you internet access to your medical records, test results, and invoices but only provides a password as a method of protection, consider saying: “No thank you; not until you provide MFA to secure my information.”

You can find a list of websites that provide MFA here, as well as step-by-step instructions for enabling it for your accounts. You can even use this browser plugin, produced during last year’s National Day of Civic Hacking contest; it tells you which of the websites you visit offer MFA and makes it easy to call out those that don’t.

It’s straightforward: turn on MFA now!

About the Author

Tom Lambotte is a legal technology expert, author and the CEO of GlobalMac IT. He helps Mac-using lawyers with super simple technology, security and efficiency strategies that work. He’s on a mission to help attorneys using Apple computers reduce their security risk and get more out of their technology. Get his free 33 Stupid Simple Mac Tips and score some quick wins to boost your productivity.