Tech Corner October 2022 | Understanding Multifactor Authentication

Understanding Multifactor Authentication



As cybersecurity incidents are on a continued rise, the need to understand and protect your online accounts from wrongful usage is crucially important.  The alarming fact is that approximately 71 million people become victims of cybercrimes on a yearly basis.  As the world continues to become more dependent on “smart technology” and “online” networks, these numbers will continue to rise.


By now, you’ve noticed most online networks such as banks, social media, credit cards, or e-commerce shopping sites require you to register for two-factor authentication or multifactor authentication (MFA).  Most people don’t understand what MFA is, or why it’s important, so let’s spend this Tech Corner briefly breaking down MFA and understanding what it is.


In its simplest form, MFA is exactly what it sounds like, “another method to authenticate.”  You enter your password to log on to your bank account, and before access is granted, the system wants to send an authentication to another source that you have access to.  For example:  Alternate email address or cellular phone via text message.


We’ve been using forms of MFA for years and not necessarily putting a term to it.  For example, you go to your bank ATM to withdraw cash from your account, the ATM asks you for a PIN to proceed.  That PIN is a MFA.


The goal of MFA is to create additional defense layers to your online accounts from unauthorized use.  This way, if someone successfully gets your login password, it is not the only defense standing between them and your sensitive information.    You register your alternate method of authentication, such as a mobile device, and when you attempt to log on to your site, it sends you a text with an authentication code to proceed further.


It is important to always perform due diligence on your accounts to update your password regularly as well as review ALL alternate authentication methods to make sure they are in fact your MFA sources (and not a rogue party) as well as they are still active and accessible by you.