What is Multi Factor Authentication?
Simply put, Multi Factor Authentication adds an extra layer of security to the existing authentication process. It can also be referred to as MFA, Two-Factor Authentication (2FA) or Two-Step Verification. It provides a way of confirming that you really are the person you are claiming to be when you’re accessing online services. We have enabled MFA on all staff accounts at the University; find out more here.
There are three types of thing commonly used for authentication:
- Something you know, such as a password, pattern or PIN.
- Something you have, for example a bank card, physical security token, or a phone or other mobile device which can generate or receive a single-use code or push notification.
- Something you are, such as a fingerprint, face scan or voice pattern – these are collectively known as biometrics.
Traditional systems tend to use just the first (something you know) for authentication. More modern systems will use one of the other – potentially more secure – types of authentication, or in the case of MFA will require a combination of them for increased security.
Why does using MFA improve security?
Cyber criminals might be able to use techniques such as phishing, brute-forcing and hacking websites to find out your passwords, but it’s very unlikely that they’ll also have access to your phone or fingerprint in order to successfully pass multi factor authentication.
Studies by Google and Microsoft have shown that enabling MFA is more than 95% effective in preventing account compromise as a result of a bulk phishing attack. You should definitely consider enabling MFA on your most important accounts, such as your email, online banking and any other services which could result in financial loss if misused.
How do I enable MFA for my online accounts?
The steps for enabling MFA will vary from account to account, but you can usually find it in the same place as the password or security settings, or by searching the help or support pages. For a handy guide to which services support MFA/2FA and how to enable it for them, take a look at https://twofactorauth.org/.
What happens if I no longer have my second factor device?
For MFA to be secure, it can’t be easily bypassed by cyber criminals. This means that even if you know your password, you won’t be able to log in to an account with MFA enabled without your device or biometric. To avoid getting permanently locked out of your account, you should read the documentation carefully before enabling MFA and keep a note (ideally on paper!) of any recovery codes you are given during the setup process.