One big leap to protect your information

There are many ways to protect important personal information including using strong passwords, freezing your credit, and being careful what you post on social media.

There is one safeguard, however, that has become indispensable in today's world - multifactor authentication (MFA), also sometimes referred to as two-factor authentication.

It's a wonky phrase for a pretty simple, but very strong, method to protect your information. MFA requires anyone logging into an account to prove their identity multiple ways.

MFA is usually defined as:

  • Something you know, such as a password or PIN.
  • Something you have, such as a smartphone.
  • Something you are, such as a biometric information like fingerprints or voice recognition.

How does it work?

When you turn MFA on for an account, logging in will require another piece of information in addition to your username and password.

This can happen in many ways. For example, some people use an app on their phone such as Google Authenticator to provide a one-time code. Others use a physical piece of hardware called a token or key to gain access to their accounts, or biometric information such as a facial scan.

The simplest and most common form of MFA is a code that is texted to your cell phone or emailed to you. There is plenty of debate over which type of MFA is most secure. But here's the truth: Any MFA is better than no MFA. Use the method that works best for you.

Here are some types of accounts that often offer MFA. Check to see if you can turn MFA on:

  • Banking.
  • Email.
  • Social media.
  • Online stores.

Can MFA be hacked?

While MFA is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around MFA. However, these situations typically involve a hacker seeking MFA approval to access an account multiple times and the owner approving the log-in, either due to confusion or annoyance.

Therefore, if you are receiving MFA log-in requests and you aren't trying to log in, do not approve the requests. Instead, contact the service or platform right away. Change your password for the account ASAP. Also, if you reused that password, change it for any other account that uses it (this is why every password should be unique).