Do you change your passwords every three months? Do you use a different password for every website you use? Do you keep your passwords in an encrypted, password protected file or program?
If you are like the vast majority of computer users, the answer to at least one of these questions is no. When the answer to any of these questions is no, whatever you are accessing that requires a password is at risk of being seen by someone who shouldn’t have access. That’s a bad thing.
That doesn’t mean you can’t do anything about that.
Multi-Factor Authentication
Many websites that have private or sensitive information require that you use multi-factor authentication (MFA) with many more added to that list daily. Other sites offer the option to use it. What is MFA?
Multi-Factor Authentication is a process that verifies that the person logging in to an account actually is the person who should be logging in to the account. Here is how it works:
- While logged in to an account, you turn on MFA. At that time, the site requests that you provide a method to contact you, either through text, email, phone call or an app. Once you do, the site sends you a code to confirm that you’ve given the site the correct info.
- Once you set up the MFA, you will get a code via your preferred method when you log in to the site. Some sites require authentication every time, some sites place a cookie on your device the first time you log in to that device and occasionally ask you to confirm it’s you.
- If you don’t enter the correct code, you can’t log in.
Why Using MFA is Important
Most websites want you to use your email address as your username. This makes it easy for someone to guess the first half of your login. Add to that the number of companies who have been compromised – giving up the password you used for that account. If you use the same password at multiple locations, well – your account security has been broken.
If you have MFA turned on, you are protected against this happening. When anyone tries to access your account, the website will send you the code. They will not be able to log in because they don’t have the code. And – you will know that someone is trying to access your information.
The perfect example of this is described in my article – The Email Hack that Isn’t a Hack. If MFA is turned on at Microsoft 365, the hacker can’t get in to your account – EVEN IF THEY HAVE THE PASSWORD!
What You See When You Use MFA
What you see when you log in to an account where MFA is enabled depends on what method you chose to use. Basically, you go to the website and enter your credentials. Next, a new entry field will open asking you for the code that was sent to you.
If you selected the text method, you will get a text. If you selected email, check your mail. If you use phone authentication, answer the phone. These methods usually have a timeout factor. The code will only be good for a few minutes. If you wait too long to enter the code, you will need to request a new code.
Many websites use an authenticator app like Microsoft or Google Authenticator. When you sign up to use an app with a website – the authenticator app has an entry for that website. The servers for the authenticator app generate a random code which changes every 30 seconds. You open the app and get the code, then enter it on the website.
SO… Should you use MFA? That’s a personal choice – and it depends on the level of security you want for your data. If you lock the doors to your home and car every time, you are probably concerned about your possessions. You don’t want someone else to have easy access to your ‘stuff’. My recommendation – yes.