Phones, computers, and appliances all store vital information. Passwords are one of the first steps to protecting that information - digital keys to our online kingdoms. But you can make login information more secure by pairing the password - something you know - with another factor, such as something you have or something you are. Something you have might be a smartphone, and you can prove you have the phone by reporting back the PIN code that was sent to it in a text message. Something you are could include your fingerprint or other biometric data. When two of these factors are combined to secure an account it is called Multi-Factor Authentication.
Why Should I Use Multi-Factor Authentication?
Multi-Factor Authentication is an important layer of defense beyond your password. It decreases your risk of falling victim to a compromise because criminals need access to two separate items to compromise your account – for instance your password and your smartphone (to receive the PIN code). Cyber criminals regularly “leak” (release) login credentials from compromised websites. They then use these leaked login names, email addresses, and passwords to find other accounts using the same credentials. This allows them to easily impersonate you online, gain access to work and personal accounts, sign online service agreements or contracts, engage in financial transactions, or change account information. Enabling Multi-Factor Authentication makes it more difficult for criminals to use this technique against you because a password would not be sufficient to gain access.
Turning on Multi-Factor Authentication
Turning on Multi-Factor Authentication is really important on websites that process financial transactions, contain sensitive information, or could be used to impersonate you (such as social media). You can usually enable Multi-Factor Authentication through the security settings and directions to enable Multi-Factor Authentication are available in the help section of each website (it may be called “login verification” on some websites). If you can’t find the directions on how to enable Multi-Factor Authentication on a specific website, an Internet search for “enabling Multi-Factor Authentication on” and the name of the website will usually get you the directions.
Sites and Services with Multi-Factor Authentication
A few examples of companies that offer Multi-Factor Authentication for their accounts include:
- Gmail / Google
- Microsoft / Xbox Live
- Sony Playstation Network
Please visit the official websites for these companies for more information about their Multi-Factor Authentication services.
One of the most common components of Multi-Factor Authentication is a strong password. Typically this means making the password long, complicated, and unique. But remembering all those passwords can be a challenge. So while you’re implementing Multi-Factor Authentication on your accounts, you might also consider choosing a password manager.
A password manager is a password-protected application that can run on a computer, smartphone, or in the cloud that securely tracks and stores other passwords. This means you only have to remember one password! Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is very strong and unique, and the location of the password manager data is protected, this technique can be effective at securing login credentials. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation. Only use a password manager that stores the information on the device and use it on devices you trust and can keep secure.