What Is Multifactor Authentication and Why You Should Use It
Multifactor authentication requires someone to provide several types of authentication to access an account, and it can help keep your online accounts secure.
As data breaches continue to make headlines, adding an extra layer of security to your online accounts can be important for keeping your personal and financial information secure. One simple step you can take is to turn on multifactor authentication (MFA), which can keep someone from breaking into your account even if they know your username and password.
How Does Multifactor Authentication Work?
MFA requires someone to share a combination of at least two different types of information to verify their identity. The info is commonly separated into three categories:
- Something you know: Email addresses, usernames, passwords, PINs, account numbers and other personal information
- Something you have: A mobile device, card, badge, or authentication device
- Something you are: Your fingerprint, face, eyes, and voice patterns
There's also a good chance you've used MFA, even if you didn't realize that's what it was called.
When you enter a code that's sent to your phone before logging into an account, you're verifying that you know the correct username and password and have possession of the phone that's linked to your account. Similarly, you're using MFA when you use your debit card and PIN at an ATM, or a credit card and its billing zip code at a gas station.
Using MFA with Your Online Accounts
With online accounts, you'll enter your username and password as your first form of verification. The second could come from:
- A one-time passcode that's emailed or texted
- A push notification that's sent to your phone
- A limited-time code that's generated by an authentication mobile app (usually free) or by a security device that you can buy
- A security key — a USB thumb drive-like device — that you plug into your computer
- A fingerprint or face scan, which you may be able to do with your computer or a linked mobile app
Each of these has its pros and cons. For instance, sending MFA codes by text or email is one of the most common options and the easiest to set up. But there are bots that trick people into sharing these codes with a scammer, which then lets the scammer break into an account.
On the other hand, the physical security devices and keys may be more secure options. However, you'll have to purchase these, and you might temporarily lock yourself out if you can't find the device.
Your options may also be limited because some accounts only support certain types of authentication methods, apps, or devices.
Should You Turn on MFA?
Some companies automatically require you to use MFA and send a code to your email or phone, especially when you're logging in from a new device or location. Others don't offer it as an option at all, and some give you the choice of turning MFA on or not.
For example, if you have a myFICO account, you can turn on 2-step verification (a type of MFA) from your profile page. You'll then verify your password and phone number, and enter the code that's sent to your phone.
Turning on MFA can make logging into your accounts a little more difficult — that's the point, after all. Still, it's a relatively simple step that's quickly becoming a best practice.
A data breach might expose your username or password, which could be sold to criminals who can use it to access your account (one reason to use unique passwords is to keep a data breach from threatening multiple accounts). However, if you use MFA, the person can't log in without the second type of verification.
You also may have options that can make MFA less intrusive to your everyday online activity. For example, after enabling MFA for your myFICO account, you can configure it to remember your device so that only someone who tries to log into your account from a new device or browser (or an incognito tab) will be asked for the verification code.
With all this in mind, even if you don't turn on MFA everywhere, consider using it with your financial accounts, loyalty programs and any other accounts that contain important financial or personal information.