Multifactor Authentication

Phones, computers, and appliances all store vital information. Passwords are one of the first steps to protecting that information; digital keys to our online kingdoms. But you can make login information more secure by pairing the password--something you know--with another factor, such as something you have or something you are. Something you have might be a smartphone, and you can prove you have the phone by reporting back the PIN code that was sent to it in a text message. Something you are could include your fingerprint or other biometric data. When two of these factors are combined to secure an account it is called multifactor authentication.

Why Should I Use Multifactor Authentication?

Multifactor authentication is an important layer of defense beyond your password. It decreases your risk of falling victim to a compromise because criminals need access to two separate items to compromise your account, for instance your password and your smartphone (to receive your PIN code). Cyber criminals regularly "leak" login credentials from compromised websites. They then use these leaked login names, email addresses, and passwords to find other accounts, sign online service agreements or contracts, engage in financial transactions, or change account information. Enabling multifactor authentication makes it more difficult for criminals to use this technique against you because a password would not be sufficient to gain access.

Turning on Multifactor Authentication

Turning on multifactor authentication is really important on websites that process financial transactions, contain sensitive information, or could be used to impersonate you (such as social media). You can usually enable multifactor authentication through the security settings and directions to enable multifactor authentication are available in the help section of each website (it may be called "login verification" on some websites). If you can't find the directions on how to enable multifactor authentication on a specific website, an internet search for "enabling multifactor authentication on" and the name of the website will usually get you the directions.

Sites and Services with Multifactor Authentication

A few examples of companies that offer multifactor authentication for their accounts include:

  • Apple
  • Facebook
  • Gmail / Google
  • Amazon
  • Microsoft / Xbox Live
  • Sony Playstation Network

Please visit the official websites for these companies for more information about their multifactor authentication services.

Password Managers

One of the most common components of multifactor authentication is a strong password. Typically this means making the password long, complicated, and unique. But remembering all those passwords can be a challenge. So while you're implementing multifactor authentication on your accounts, you might also consider choosing a password manager.

A password manager is a password-protected application that can run on a computer, smartphone, or in the cloud that securely tracks and stores other passwords. This means you only have to remember one password. Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is very strong and unique, and the location of the password manager data is protected, this technique can be effective at securing login credentials. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation. Only use a password manager that stores the information on the device and use it on devices you trust and can keep secure.