Are you who you say you are?
If Yes, tell me something only you and I would know…
If you responded to both of the above, then you successfully just went through an in-person example of multi-factor authentication in action.
At a high level, multi-factor authentication (MFA) is a process used to ensure digital users can prove their identity, by inputting evidence obtained across multiple categories. For example, a password that you enter into your online Outlook portal and a series of numbers that you enter on the next screen, obtained from a text to your mobile by the platform, is an example.
So, why would this be something that could help me?
This is a valid question! Although on the surface it seems like a bit more work on your end each time you log into a portal or application, what is the workload and stress that would come with your organisations data, your personal information and key files being compromised and hacked?
MFA is a way for you to mitigate the risk of being hacked by ensuring any unauthorised user that might gain access to one of your login factors (i.e. password), almost has no chance of gaining access to the other factor (series of numbers texted to you or the answer to a security question).
What are some other examples of MFA?
The Text You Receive When Logging Into Your Email
- When you log into your email account from a different browser and are sent a text with a sequence of numbers to enter on your browser, to verify it’s you
Face ID When You Log Into Your Banking App
- When logging into your Westpac or Commonwealth bank app, you have the ability to sign in via facial recognition, as opposed to proving your identity via another platform/device. This is an example of biometric MFA.
Hard Token Authentication
- If you have ever been required to carry around a fob/physical piece of hardware containing a series of displayed numbers changing every minute, which you need to enter into your digital platform after inputting your password to log in, this is an example of hard token authentication.
A great place to start is your company email, specifically, if you utilise a Cloud-based version of applications such as Office 365 across your organisation, setting up MFA is very easy if you are an admin.
All you will need to do is log into your instance, then click next once it says “more information required”, and follow the prompts to add your phone number to your account. Once this is completed, you will receive a text with a code you will need to input each time you log into your account, no matter what browser you are using.
There you have it! This simple process of setting up MFA across as many portals and software channels as possible, is one of the easiest, cheapest and most effective ways to significantly reduce the risk of any successful password attacks on your system.