If you wouldn't leave your front door unlocked, why do that with your online accounts?
Multi-Factor Authentication is indispensable to stay secure in today's online world

In May 2021, Colonial Pipeline suffered the largest cyberattack on an oil infrastructure target in the history of the United States, in which 100 gigabytes of data was stolen from company servers. This cyberattack started from a compromised employee password, likely found on the dark web, and more importantly, this account did not have Multi-Factor Authentication (MFA) enabled.

With hackers increasingly trying to steal your personal information, it's imperative to take additional steps to protect yourself from identity theft and fraud. Multi-Factor Authentication (MFA) is one such means that will help keep you safe online, while still allowing for easy access to your accounts whenever required.

Having your accounts hacked or stolen can have serious consequences, including:

  • Financial loss: If a hacker gains access to your bank or credit card accounts, they can steal your money or make unauthorized purchases
  • Theft of Identity and Personal Information: Hackers can use your information to steal your identity and commit crimes or make purchases in your name and may use your personal information for their own gain or to cause harm to you or others
  • Damage to your reputation: If a hacker gains access to your social media accounts, they can post embarrassing or damaging content that tarnishes your reputation
  • Stress and inconvenience: Dealing with the aftermath of a hacked or stolen account can be stressful and time-consuming, as you'll need to take remedial steps to secure or deactivate your account and possibly cancel or replace credit cards and other documents

While passwords are still important, they are no longer sufficient for protecting online accounts. Passwords can be stolen or guessed, and they can also be cracked with automated tools. Your password is also at risk of being compromised if you choose a common word or phrase that a hacker has discovered as part of another data breach and the same password is being re-used on multiple other sites. Hence, MFA is a necessity to stay secure.

Multi-Factor Authentication (MFA) is a method of authenticating your account with two or more different forms of identification. It's an additional layer of security that you can use to verify your identity, improve the security of your accounts and make them harder for hackers to break into. It is easy to implement and no additional hardware or software is required. It can be implemented in a variety of ways, such as a text message, phone call or one-time password. You can use your existing phone, computer or any other device to set up MFA and configure authentication with any number of providers.

MFA is a security process in which a user is required to provide more than one piece of evidence (or "factor") to verify their identity. This helps to ensure that the user is who they claim to be and helps to prevent unauthorized access to accounts.

There are three main types of factors that can be used in MFA:

  • Something the user knows: This could be a password, a PIN, or a security question
  • Something the user has: This could be a phone, a token, or a security key
  • Something the user is: This could be a biometric factor such as a fingerprint, a facial recognition scan, or a voiceprint

Here's an example of an MFA workflow:

  • The user enters username and password (something they KNOW) to log in to their account
  • The MFA system sends a code (something the user HAS) to the user's phone via text message (only if the password is correct)
  • The user enters the code (along with their password) to finish the login process

Some MFA systems may also use other types of factors, such as fingerprints or facial recognition scans (something the user IS), or security keys (something the user has). The specific factors used in an MFA process can vary depending on the system and the level of security desired (adaptive authentication). For instance, you might be required to provide a password and a code sent to your phone when logging in from a new device, but only a password when logging in from a trusted device. Additional security configurations may be included in the MFA implementation, such as limiting the number of retries or allowing MFA login only from white-listed IP addresses.
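The workflow above, together with the trusted-device rule and the retry limit, as an added example that is not code from the original article. The class and method names, the three-attempt limit, the five-minute code lifetime and the in-memory `outbox` standing in for a text-message gateway are all assumptions.

```python
import hashlib, hmac, secrets, time

MAX_ATTEMPTS = 3   # assumed retry limit
CODE_TTL = 300     # assumed code lifetime, in seconds

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class MfaLogin:
    """In-memory sketch: password first, then a one-time code (hypothetical API)."""
    def __init__(self):
        self.users = {}     # username -> (salt, password hash, trusted device ids)
        self.pending = {}   # username -> [code, expiry time, attempts left]
        self.outbox = []    # stands in for the SMS gateway

    def register(self, user, password, trusted=()):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _hash(password, salt), set(trusted))

    def start(self, user, password, device_id):
        # Unknown users get a dummy record so the same hashing work is done.
        salt, pw_hash, trusted = self.users.get(user, (b"\0" * 16, b"", set()))
        if not hmac.compare_digest(pw_hash, _hash(password, salt)):
            return "denied"            # wrong password: no code is ever sent
        if device_id in trusted:
            return "ok"                # adaptive rule: trusted device, password only
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [code, time.time() + CODE_TTL, MAX_ATTEMPTS]
        self.outbox.append((user, code))
        return "code_required"

    def finish(self, user, code, now=None):
        entry = self.pending.get(user)
        now = time.time() if now is None else now
        if entry is None or now > entry[1]:
            self.pending.pop(user, None)   # nothing pending, or code expired
            return "denied"
        if hmac.compare_digest(entry[0].encode(), code.encode()):
            del self.pending[user]         # codes are single use
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[user]         # retries exhausted: code is void
        return "denied"
```

Once the retries are used up, even the correct code is rejected and the user has to start again with the password, which is what makes guessing a six-digit code impractical.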

The specific steps for setting up multi-factor authentication (MFA) on different accounts may vary, but here is a general overview of the process:

  • Find the MFA or security settings for the account. This is usually located in the account settings or security settings.
  • Enable MFA for the account. This may involve choosing which MFA methods you want to use (e.g. text message, phone call, app), setting up a backup method in case your primary method is unavailable, and verifying your phone number or email address.
  • Configure your MFA methods. Depending on the MFA methods you've chosen, you may need to take additional steps to set them up. For example, you might need to download an app or register a security key.
  • Test your MFA setup. Once you've set up your MFA methods, it's a good idea to test them to make sure they're working properly. This may involve logging out of your account and logging back in again to trigger the MFA process.
  • Keep your MFA methods up to date. It's important to keep your MFA methods up to date (e.g. if you get a new phone number), as this will ensure that you can always access your account.

MFA is more secure than using just a password because it's much harder for hackers or phishing scams to steal it from you. If someone gets hold of your password, they won't be able to log into your account without first confirming their identity with the other MFA methods mentioned above. MFA is increasingly becoming a standard security measure, with many online services and websites now requiring MFA for added security. Hence, it is important to be familiar with how MFA works and how to set it up on your accounts. Setting up MFA is relatively easy; the process is generally straightforward and can be done in just a few minutes.

As cyber threats continue to evolve and become more sophisticated, it's important for individuals to proactively secure their accounts and safeguard their personal and sensitive information. Security professionals already face a host of challenges and we must make their lives easier by adopting MFA best practices. While MFA may involve an extra step when logging in to your accounts, the added security it provides is well worth the effort. Enabling MFA on your accounts is an easy and effective way to do so, and the benefits far outweigh any potential inconvenience. You wouldn't leave your front door unlocked, so why leave your online accounts protected by only a password?
