It is becoming more and more likely that your password will be found out. Multifactor Authentication (MFA) can help keep your account secure, but how?
Multifactor Authentication (MFA) is everywhere now, and rightly so. With the everyday threat of accounts being compromised, the requirement for MFA is more important than ever. But what is it and does it actually work?
Basically, MFA is more than one way to prove you say who you say you are. To put it in everyday terms, If you go to the bank (I may be showing my age here) and ask to withdraw money from your account, you can tell them all you like who you are, but they'll likely (hopefully) want to see some further proof. Like an account number, or some form of approved identification.
MFA works in a similar way online. Most people are used to providing a username and password in order to access things like their e-mail. The problem is, us funny humans like to use the same, or very similar passwords for all of our online accounts. These accounts can be comprimised, so in order to protect ourselves from ourselves, companies like Microsoft are implementing Multifactor Authentication policies. Methods of MFA can be described as follows:
There are applications to fulfill this requirement such as:
Using text is an option for MFA. Instead of sending a notification to your Authentication App, you'll recieve a text with a code. This is considered less secure than using an app as phone numbers, and SIM cards can be more easily exploited. My argument is that text (SMS) is better than nothing, however I would encourage users to use an authenticator app like the ones mentioned above
Another options is using a similar application, one that uses the same username/password to verify access. An example of this might be sigining into your Google TV may ask you to open your YouTube app on your phone or tablet and verify a code (there's a clear trend here).
This is by far the most important thing to grasp. The authenticator app will prompt for verification, whether it is you requesting verification, or someone else. Let that sink in for just a moment. This means unless you've done something to trigger an authentication request, you should not be approving requests from your app. If you are getting a bunch of requests that you arent triggering, there's a really good chance someone is trying to get into your account, and MFA is doing exactly what it's designed to do. At this point I would change my password ( see my post on password complexity and password managers.