What is Multi-Factor Authentication?
- Something you know, such as a username/password combination.
- Personal characteristics, such as a fingerprint, retina scan, or facial recognition.
- An item that you have in your physical possession, such as a key fob or a smartphone.
A common form of MFA in use today begins by entering a username/password combination to log-in to a website. Upon doing so, the user receives a numeric code on their smart phone and, in turn, they also enter that code into the website to complete the process of authenticating to the website. The advantage to MFA in this scenario is that someone attempting to “hack” their way into the user’s website would not only need to know the username/password combination, but they would also need to have the user’s smartphone in their physical possession in order to receive the text message to complete the authentication process. And, while this is not an impossible scenario, it is a far less likely one than the hacker knowing the user’s username and password combination. As a result, the risk of the hacker accessing the user’s account is diminished significantly.
Which Apps and Services Offer Multi-Factor Authentication?
How Do I Activate Multi-Factor Authentication?
What Should I do if Multi-Factor Authentication is Not Available?
- Passwords should be at least twelve alphanumeric characters in length.
- You should never write your passwords down.
- Never share your passwords with anyone.
- Change you passwords immediately if you suspect that they may have been compromised.
- You should use a separate password for each website, service, or application you access.
From a practical perspective, most individuals simply cannot comply with the guidelines outlined above and, to that end, password management tools such as Roboform, LastPass, KeePass, Dashlane, and Zoho should be used to help manage passwords. (You can access CNET’s best password managers for 2019 by clicking here.) Remember, if the websites, applications, and services you use do not support MFA, the security of your sensitive data will be almost solely determined by the strength and security of your passwords…this is not a time to be lax with your passwords!