What is two factor and multi factor authentication and why you should use it


Working in the IT industry for close to 20 years, I’ve always had to deal with password complexity, secret questions, etc. and the annoyance of having to reset them periodically. Smarter people than me would put these policies in place for my (and their) protection. Over the years, I’ve learned to fully appreciate the value of some of these practices and how they protect me against hackers or other bad players trying to access my information. While I used to think it was a pain to do this, I now see it as a security barrier against bad things happening.

Working with small businesses, I see more and more issues where emails are being hacked and then used to send false invoices to vendors asking for payment, but having the money funneled to the hackers instead. And since they have access to the legitimate email account, the vendors don’t always catch on and just pay it. This becomes troublesome and creates loss of money and loss of trust between companies. This is where adding security layers helps protect against this sort of thing.

You know when you log in to your bank online, and they have you set up another form of authentication, like secret questions, or adding your email or cell phone as a way to authenticate you? This allows you to enter your username and password, then it texts or emails you to verify it’s really you. This is part of the extra layer I am talking about. And if you aren’t using it on every online account you have, you should.

It can be a little confusing knowing that there are two factor (2FA), multi factor (MFA) and two step authentication and what the differences are. I won’t get into too much detail here on that, but just know that whichever authentication they offer, you should enable it and take advantage of the benefits of it.

Essentially, these are methods for verifying your identity, with each category being a factor. The first factor is typically something you know, which is your username and password. Another factor can be something you have, like a security token or a cell phone, and another factor can be inherence, meaning a biometric characteristic such as a fingerprint, iris scan, or voice recognition. Ideally, you have 2 of these involved when logging into any online account.

For instance, if you have a Gmail account and you have this enabled, and someone acquires your password in China and tries to log in to your account, you will get a text or email with a code that has to be entered to complete the login process. Since they don’t have access to that code, they will be unsuccessful, and you will know someone is trying to get in. This will allow you to go in and change your password as a safeguard, and they never actually get logged into your account.
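The login flow described above, sketched from the service's side as an added example (this is not code from the original post or from any real provider). The names `CodeChallenge` and `login`, the five-minute lifetime, the three-attempt limit, and the `phone` list standing in for SMS or email delivery are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed policy value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per challenge (assumed policy value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class CodeChallenge:
    """Second factor: a one-time code sent to the owner's phone or email."""

    def __init__(self, now):
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires = now + CODE_TTL
        self.attempts = 0
        self.used = False

    def verify(self, submitted, now):
        if self.used or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True   # a code works once, so a replayed code fails
            return True
        return False


def login(account, password, read_code, now=None):
    """Return True only when the password and the delivered code both check out."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(hash_password(password, account["salt"]), account["hash"]):
        return False                          # first factor failed, no code is sent
    challenge = CodeChallenge(now)
    account["phone"].append(challenge.code)   # stands in for the SMS/email delivery
    return challenge.verify(read_code(), now)


# Constructed sample account; the "phone" list stands in for the owner's device.
SALT = b"constructed-salt"
ACCOUNT = {"salt": SALT, "hash": hash_password("correct horse", SALT), "phone": []}

if __name__ == "__main__":
    owner = login(ACCOUNT, "correct horse", lambda: ACCOUNT["phone"][-1])
    thief = login(ACCOUNT, "correct horse", lambda: "no-code")
    print(owner, thief, len(ACCOUNT["phone"]))   # the owner was texted both times
```

The second call shows the case from the paragraph above: the password is correct, the login still fails, and the code that lands on the owner's phone is the signal to change the password.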

Account security is a major issue going forward, and we should all be taking advantage of these extra layers in order to protect our online accounts. This should be enabled on every single online account you have for best possible protection. Nothing is going to be foolproof, but adding more layers of protection gives you a step up on the people out there trying to get in.