Cybersecurity Awareness: Multi-factor Authentication (MFA)

Multi-factor authentication (MFA) takes moments to set up and seconds to verify who you are but can stop 99.9 percent of account compromise attacks. Your password verifies who you are because it is something you know. MFA verifies who are because of something you have. This two-step authentication process helps keep data secure.

Why is MFA necessary?

Everyone is vulnerable to cyber criminals. MFA is an added layer to a thorough cyber security posture, and it's not just for professional purposes. MFA could (and should) be added to your private social media, email and bank accounts, just to name a few. Even if a cybercriminal can obtain your login credentials, proper use of MFA will prevent them from gaining access to personal information. 

Ensuring you have setup MFA for every login available is an easy to way to add a layer of security to your personal life! 

Security champions aren't lazy!

It is very easy to become complacent. Pay close attention when you get an MFA notification, especially if you have enabled push notifications as opposed to requiring a code to be entered. If you didn't prompt for a MFA push notification, don't approve it. It is highly recommended not to enable the "send push automatically feature." You always want to aware of when you are expecting a push notification. 

One last reminder — do not enable the "do not challenge me on this device for XX days" feature. If your machine ends up in hands that are not your own, data could be stolen if access is not challenged by MFA. 

Protect the protection

Never give out a code that you have for MFA, whether it lives in the app or is a texted code. For example, your bank or credit union will not text or call you asking for the code you just received. Cybercriminals will prompt for MFA and then reach out to unsuspecting individuals to try and get the code sent to steal your information. 

For additional information, check out the CISA website.