What is Multi-Factor Authentication (MFA), and is it important?

By Chris Kalema, Lead Technologist, Unwanted Witness.

The upsurge of cyber-attacks requires not only cybersecurity professionals but also ordinary internet users to stay one step ahead of the attackers. Cyberattacks on organizations and individuals are becoming increasingly severe: 92% of data breaches in the first quarter of 2022 were due to cyberattacks. Malicious actors are exploiting poorly protected accounts and systems to reap rewards and wealth. Individuals and organizations need to practice good cyber hygiene to prevent data breaches. Multi-factor authentication is one of the essential practices that put an individual or organization in a better position to defend against cyberattacks.

Multi-factor Authentication (MFA) makes it difficult for attackers to break into your online account. It is an authentication method that requires the user to provide two or more credentials to gain access to an account. On top of submitting your username/email and a password, MFA requires you to submit additional verification information to prove that you’re the real owner of the account. The additional verification information or credentials that may be requested during MFA include:

  1. Things you know: Such as your first pet’s name, a PIN, or a password.
  2. Things you have: Such as your smartphone.
  3. Things you are: Your biometric information, such as fingerprints or facial recognition.

What is the difference between Multi-factor Authentication (MFA) and two-factor authentication (2FA)?

Two-Factor Authentication (2FA) requires exactly two factors of authentication, for instance your password and your fingerprint. Unlike 2FA, multi-factor authentication requires more than two factors. It combines something you know, something you have, and something unique to your physical being. To authenticate your identity, you need to submit all of the previously mentioned credentials. In a nutshell, two-factor authentication is a form of multi-factor authentication.

Although MFA might be frustrating to implement, it is worth it! Analysis of breaches in the past few years shows that if there had been additional authentication factors, the breaches probably wouldn’t have happened.

The majority of online service providers, like Google, Facebook, Twitter, PayPal, and many others, have integrated multi-factor authentication into their platforms to uphold user security. Although MFA is optional for the user, I highly recommend that every internet user enable the 2FA/MFA option. Some online service providers go an extra step and log all MFA attempts, alerting the user in case there’s an anomaly.

“But my password is STRONG.” Yes, you might have the strongest password in the world, but it can still get compromised. In the current digital era, it’s not advisable to rely on a password alone as a method of authentication. This is based on the fact that the majority of netizens use weak passwords that can be cracked or guessed with modern techniques like brute force, dictionary, and rainbow table attacks. Tools like John the Ripper, Cain and Abel, and Ophcrack can crack a password in a matter of days or hours, depending on how weak or strong the password is.

A relatively strong password should be:

  • At least 12 characters long.
  • A combination of letters, special characters, and numbers.
  • Random and unique.
  • Not re-used on other online accounts.

How does 2FA work?

When you set up 2-step verification, you’ll be sent a PIN or code, often by SMS or email. You then need to enter this PIN to prove that it’s you (since it’s presumed that only you, and not the cybercriminal, can access your phone or email).

There are different types of 2-step verification. Instead of entering a PIN or code, you may be able to use your fingerprint, a face scan, or an app (such as those provided by Microsoft or Google).

OK, I’m hooked! How can I set up Multi-factor authentication on my account? 

Now that you’ve learnt what multi-factor authentication is and its importance in securing your accounts online, it’s time to enable it. The process of setting up MFA varies across online service platforms. This section directs you to web pages containing guidelines for setting up MFA on the respective online service platforms.

Turn on 2-step verification for email

Turn on 2-step verification for social media

Turn on 2-step verification for other accounts

For any inquiries about this article, contact chris@unwantedwitness.org.