Why Multi Factor Authentication is Important

By Tyler W

Aprial 08, 2022

Why Multi Factor Authentication is Important

What Is Multi-Factor Authentication?

Multi-factor authentication is a security feature that many services offer to enhance the security of user accounts. It will typically use two or more forms of identification to make it more difficult for someone else to access your account. If a password is something you know, then a multi-factor authentication method is something you have (such as an expiring code or a hardware key) or possibly something you are (such as biometrics).

The following are some examples of what you will use as multi-factor authentication methods:

SMS Codes: This will require an SMS code sent to the device you registered with your account. [We consider these the least secure method and encourage an alternative method (below) but if you cannot access any other means, an SMS code is sufficient.]

Authentication Apps: These apps installed on your mobile device (can be an iPod, for example) and provide an expiring code of 6 numbers (normally) that you can enter to verify that the login is coming from the registered account.

Physical Hardware Keys: a physical key such a YubiKey or OnlyKey provide a physical verification to the account. You must have this device connected to the computer and engage with the key at log in to verify it is the correct user accessing the account.

What are the Advantages of Using Multi-factor Authentication?

The most important advantage of using multi-factor authentication is that it increases the security of your account. It is harder for hackers to break into your account because they need the password and something else to log in.

Two-factor authentication eliminates the opportunity for anyone to steal your password and login to your account without permission. This means that you can be sure that even if someone gets access to your password, they won't be able to get access to the account with this information alone.

Challenges of Multi-factor Authentication?

Multi-factor authentication is a type of two-step verification that requires two types of identification to log in, one being something you know (password) and the other being something you have (token).

The problems associated with multi-factor authentication are not difficult to understand. The biggest issue with this system is the need to carry around a physical token or have your device with you in order to access any account. This however, is an inconvenience only, and represents the only real challenge of deploying multi-factor authentication. Don’t let this inconvenience deter you.

Can Multi-factor Authentication be hacked?

Multi-factor authentication is a vital part of securing an account. It provides a second layer of protection that can verify the identity of the user and minimize the risk of hackers, bots or other malicious actors accessing sensitive data. But if we think about it, there are some cases where multi-factor authentication can be hacked.

A method used by hackers is to use "man in the middle attacks," which is when they intercept and manipulate data packets on a network. They do this by impersonating both ends and gaining access to sensitive information before passing on to its intended destination.

Another method is using phishing emails, which are emails that aim to trick users into giving up sensitive information such as usernames and passwords or downloading malware on their device. The email will contain malicious attachments that will infect the recipient's device with malware, leading to data theft.

Should you ever turn Multi-factor Authentication off?

This question is quite popular in the security industry. There are many arguments for and against turning off this feature.

It all comes down to how much do you value your data and privacy? If you value your privacy over everything else, it should never be turned off, even if deemed inconvenient. If you are happy to flirt with danger for the sake of convenience only, then by all means use single factor authentication (password) only but ensure you have good password hygiene and understand the risks