You’ve probably heard at least one of these acronyms before: MFA, 2FA, 2SV. Though they’re all slightly different, they can be used interchangeably. What each stands for is:
- MFA: Multi-Factor Authentication
- 2FA: 2-Factor Authentication
- 2SV: 2-Step Verification
For the simplicity of this article, we’ll refer to it as MFA. But if you see one of these words used in your account settings, pay attention, because you're going to want to activate it!
So what do they mean?
MFA is an authentication method that requires the user to provide two or more verification factors upon login to an online account or application. Using a second factor makes your accounts more secure because then it takes more than knowing your password to hack your account.
ANY FORM OF MFA IS SIGNIFICANTLY MORE SECURE THAN A LOGIN NAME AND PASSWORD!
Why is using MFA so important? Breaking into accounts is one of the most common ways bad actors will try to compromise a campaign.
Using the strongest version of MFA available for the services you use is one of the best and easiest protections you can put in place. Most popular services have MFA as an option. Your Facebook, email, online bank account, and many other apps give you the ability to turn on MFA inside your security settings. Some accounts will even activate it automatically.
Online account providers use several different methods of MFA. The method of verification can be:
- Something you have: like a security key
- Something you know: like a code given at login (sent to your phone or email) or a PIN that is used in conjunction with other login functions
- Something you are: a physical characteristic (biometric), such as a fingerprint, eye iris, voice, typing speed, or your gait
Here are some examples of verification methods you may already be using on some of your online accounts, or that will be required when you turn on MFA:
- Physical Security Key such as the Yubikey or Google’s Titan Key, which you can insert into your device upon login.
- One Time Passwords (referred to as OTPs) sent through email or text. Oftentimes, a code will be sent to you, which you can enter into a box that pops up on your login screen.
- Phone Applications such as the Google Smart Lock App, which sends you a notification you’ll approve if you’re trying to log in on a new device.
- Biometrics, using your fingerprint or facial recognition to open a phone, computer, or app (in these cases the physical possession of the device is the first factor).
Turning on MFA to protect essential accounts is critical. Your crown jewel of all accounts is your email account. If someone gets access to your email account they can cause significant harm to you and others. With access, they can:
- Reset passwords. Many services send a link to your inbox when you forget a password. They click the link and then change your password and get in.
- Phish other people. They can use your email account to phish other people. If they are looking to break into someone else’s account on your campaign, they can send an email from your account that the recipient is highly likely to believe is legitimate. The recipient might then click on any links or open any docs in the email.
- Ice you out of accounts. If they successfully access other accounts, they can go in and change the primary email to one they control, and set up their phone or another form of MFA, making it very hard for you to regain control.
On a campaign, it’s likely that your email account is also connected to other functions like your documents and calendar, making it critical that you harden access to your accounts.
Learn more: Wikipedia Article on MFA, What is a Physical Security Key?, What is a Yubikey?, What are Google's Titan Keys?, What Type of Key Should I get?
Comments
This is my first time seeing the campaign illegally using my phone number and personal data without permission or my knowledge of any account using it. This is identity theft and fraud violations damaging my personal data and other sensitive personal information.