3aIT Blog

What is MFA? Multi-factor authentication, of course! Also sometimes referred to as 2FA (two-factor authentication), this is the practice of having more than one "thing" necessary to verify a login to your machine or into a website. At the moment, that "thing" is usually a password plus something else. It could be a text message to your phone, an email, an authentication code from an app on your phone, a fingerprint, Face ID... Basically, the main idea is that having access to just one of these things doesn't let an attacker into an account, because the login requires at least two.

We know, we know. This is a faff to set up and to deal with. However, we are seeing more and more cases of both business and personal accounts being compromised via a password login. This may be because the password is easy to guess, because there's malware on the machine that has grabbed the password, or because someone has visited a fake site and entered their password there. Even the very few who have complex, unique passwords for every account can fall prey to some of the more sophisticated social engineering attacks in a distracted moment.

With increasing amounts of our data now stored online, the cost of an account being compromised can be huge. If an email account is compromised, there may be all sorts of details in there that provide further information for the attacker to exploit. They may send emails to your contacts in your name, using that trust relationship to get them to click dodgy links or to ask them for money. If an Amazon account is compromised, it could be used to leave fake reviews on dodgy items from a seemingly genuine account. Even accounts that seem to have little value on the face of it may give an attacker information that helps them build a picture of you that can be used in all sorts of ways, especially if you reuse the same passwords on more than one account.

In short, wherever possible, you should be looking to use multi-factor authentication on all your critical online accounts at the very least, and everywhere it's available if you can. Email, online stores, Windows logins... The more accounts protected in this way, the more you limit the damage that can be done if someone does get into one of your accounts somehow. Yes, it can add a few seconds to the login process, but given that the alternative is, in the worst case, your whole online identity being stolen, this is a very small price to pay.

As to what forms of authentication you should use, most accounts still insist on a password as one of them (although this will likely change over time). Text message and email are the simplest second method and are absolutely better than nothing, but they are also prone to compromise, as they can be accessed remotely. If possible, pick a method that can only be accessed by something you have on your person. The easiest of these is some sort of authenticator app on your mobile, such as Google Authenticator or Microsoft Authenticator. It's also possible to get USB security keys that you can attach to your keyring to use as a literal key for your account.

If you need assistance setting this up on any of your business accounts, just let us know. Probably the most important place to start is with email, as this is the best route for an attacker into other accounts. If your email provider doesn't offer multi-factor authentication, it's probably time to move to one that does!