MFA works by asking for one or more additional verification factors on top of a username and password, which decreases the likelihood of a successful cyberattack. These factors can include, but aren’t limited to; an extra PIN, the answer to an extra security question such as “What’s your favorite pet’s name?”, an additional code either emailed to an account or texted to a mobile number, a biometric identifier like facial recognition or a fingerprint, or a unique number generated by an authenticator app.
Not every account offers MFA, but it’s becoming more popular every day, as according to Microsoft those who enable MFA are significantly less likely to get hacked. This is because even if one factor (like your password) becomes compromised, unauthorised users will be unable to meet the second authentication requirement, ultimately stopping them from gaining access to your accounts or other resources.
Now that you know what it is, you’ll see prompts for Multi-Factor Authentication (MFA) all over, which is also sometimes referred to as Two Factor Authentication (2FA) or Two Step Verification (2SV). And our advice is that whenever it’s available you should enable it, starting with your email account, then financial services, then social media accounts, then online stores, and any other online services that you utilise.
Start by looking at the biometrics and security settings on your most-used accounts, and look for options to enable MFA, 2FA, or 2SV. Don’t worry if you don’t see a prompt for MFA on one of these accounts, as you can send a note to each company you have a personal account with to enable the feature. Alternatively, you can contact your Organisation’s IT service provider to ask them to activate this feature on your behalf for any business accounts that you use at work. After all, it’s your security at stake!
For more advice on multi factor authentication, including how to set it up across the personal accounts you use at home, or for guidance on how your Organisation can implement MFA, please read the 'National Cyber Security Centre's guidance on stepping up to multi-factor authentication'.