How to use MFA to keep attackers out


BY KERRY TOMLINSON, AMPERE NEWS

JULY 9, 2021

You're probably already using it. And you need to use it more.

MFA stands for multi-factor authentication. It's an extra step to help verify, or authenticate, you before you sign into an account.

For example, you may get a six-digit code sent to your phone when you try to sign onto your favorite social media platform. You enter the code into the site and then you're allowed to enter. That code is the extra factor.

Why do you need to use it more? We've made our passwords easy to guess and we re-use them on many accounts. It's easy for attackers to use automation and crack our passwords, sometimes in seconds. MFA is extra protection, like the deadbolt on your front door or a steering wheel lock on your car, to make sure it's you.

HOW DO YOU DO IT?

Start with your most important accounts, like financial and work.

Find out how that company uses MFA. Look over the site itself, or simply do a search online, like "MFA Twitter" or "how to MFA Facebook," for example.

One trick: different sites use different names for MFA. Look for:

---MFA or multi-factor authentication
---2FA or 2-factor authentication
---Two-step verification
---Login verification
---And more

You can also use the chat function on the site or contact support to see how you can set it up on your account.

CHOOSE YOUR STYLE

There are different ways of carrying out that extra step.

Text messages

One of the most popular ways is getting a text message on your phone. It's fast and easy. Attackers are working on different ways to get around this kind of MFA, so it's not considered the most secure method. But it's better than no MFA.

Apps

There are many apps that offer MFA. Some companies require you to use their app. Experts say you should check out well-known, reputable info sources like PCMag, Tom's Guide, and WireCutter to find recommendations for and reviews of authenticator apps.

Tokens

There are other ways of getting a code without using your phone. Some people carry a small device called a token that generates a number when you need it.

Keys

You can also carry a special key that plugs into your device and verifies you. Reputable publications offer reviews of which keys might work best for you. Don’t just search up “best MFA keys” or “best authenticator apps,” as attackers make fake sites to try to lure you in.

Habits

There is another kind of verification that may be happening without you knowing it. Some companies, especially banks, use your habits to build a profile of you. How do you hold your phone? How do you swipe? How do you type? All potentially unique to you.

If you normally sign on to your bank account on your phone from Starbucks on Tuesday mornings, your bank might throw up a red flag if someone is signing on as you from a stranger's laptop in Madagascar at 2 am on the weekend.

ON EVERY ACCOUNT

You'll want to use MFA on every account, even though it may seem like a headache. Start with the most important accounts first, then work your way through all of them over time. If you don't do it, attackers will. In some cases, attackers have broken into accounts, and turned on MFA for themselves. When the victims try to prove the account is theirs, they find it very difficult, since the attacker has total control.

 
