Let’s be honest. How many different passwords do you use for all the various accounts you access online? If you’re like most of the population, you rely on one or two different passwords to protect all the information about you that’s digitally accessible. From broad personal details like age, address and phone number to sensitive information like your Social Insurance Number, banking, employment records and healthcare information, virtually everything anyone could ever want to know about you can be found online.
In the increasingly important and ever advancing field of cyber security, tech experts work diligently to devise technology that stays one step ahead of hackers, making it more difficult for criminals to steal identities and hack into corporate, government and military databases that contain highly sensitive information.
Hence the dawn of Multi-Factor Authentication, or MFA – a double, and sometime multiple step identification process that ensures when you sign-in to online accounts, you’re actually the person that should be signing into them.
MFA isn’t exactly new.
Banks adopted the technology years ago when it became necessary to both swipe your bankcard and then enter a PIN number to access your personal account. But since smartphones have become the primary method of communication and online access, MFA technology has advanced, and the technology that implements MFA checkpoints has become impressive.
Levels of MFA can now include something you know (a PIN), something you have (a secondary card or other personal information), and even something you are – identifying your fingerprint or face, for example. Another widely utilized form of MFA is a code requirement – a 4 to 6 digit password that’s sent to users via text, and must be submitted back to the online provider before access to the account is allowed.
How does MFA work?
MFA nowadays is generally a three-step process that goes something like this:
- A user logs into an online account by providing a user name and password.
- The user is then asked to provide a secondary level of authentication, typically either fingerprint identification, facial identification, or a one-time code sent via email or text.
- User is granted access to the account.
MFA has become smart enough to remember particular devices, so if you’re logging into familiar accounts through a cell phone, laptop, tablet or desktop computer you’ve used before for the same purpose, the process tends to be quicker. If the device is new, users won’t be granted access until a notification is sent to a previously (i.e. known) device, from which approval for the new device to access the account is granted. Behind the scenes technological safeguards are at work whenever you attempt to access online information. If a code notification comes from a secondary device halfway around the world from where the primary device is located, it’s likely access to the account will be suspended until the provider can prove the identity of the person trying to get in.
(Tip: Always have the lock function enabled on your mobile phone for an extra line of defense against identity theft.)
Hackers are very adept at getting the information they need to access information they’re targeting. Everything from rather benign email phishing tactics to threatening phone calls are used, but according to the 2017 Data Breach Investigations Report, 81% of hacking breaches are due to leveraged or weak passwords.
So, where should you begin?
First and foremost, make sure you have very strong passwords for all your online accounts, and diversify them as much as you can – particularly for accounts that are very important or very sensitive. There are great apps that keep track of various passwords for you, and most smartphone technology holds passwords in a keychain right from your device – so don’t be afraid to get creative. “MyPassword123” isn’t good enough.
If your business uses Office 365, you should be aware that an MFA function is available for this popular cloud computing service. It’s highly advisable that you enable it, primarily because your entire 365 system is remotely accessible from anywhere in the world via any device. If you’re unsure whether or not Office 365 MFA is enabled for your company, contact your IT provider.
Beyond your own first line of defense, companies and organizations everywhere are implementing MFA to double and triple safeguard your information – a security measure that up to 86% of online users say makes them feel more confident that their online identities are protected.
About This Blog
We are constantly on the lookout for new things that have promise to make business or life better. These gems could be software, hardware or just an idea. Subscribe to find the ideas we hope will help you and your business succeed.