How to Protect Your Private Information with MFA
Millions of people are unaware of and uninformed about how their personal information is being used, collected, or shared in our digital society. National Data Privacy Day, recognized every January 28, aims to empower individuals to safeguard their personal data online.
Keeping information stored in all your online accounts is definitely convenient, it makes it easier to quickly order from your favorite retailer, schedule a dentist appointment, Door Dash dinner, and even stay on top of your finances through apps and mobile sites. Unfortunately, though, passwords can be relatively easy for scammers to hack, opening the door for identity theft, credit card fraud and more.
Here’s where multi factor authentication (MFA) comes into play. As a means of securing your information, MFA provides an extra layer of protection for your accounts and sensitive data.
Below you will find everything you need to know about MFA, how it works and why it’s an important step in protecting your information.
How multi factor authentication works
Multi factor authentication utilizes two or more factors to allow the user to sign into an account. Generally, these will consist of something the user knows, like a password or PIN, along with one or both of the following:
- Something the user has. This can include a phone, key fob or smartcard.
- Something the user is. This can include an eye or fingerprint scan, or voice or facial recognition.
Accounts that use MFA will not allow the user to sign into their account unless both factors are verified.
Why multi factor authentication is crucial for protecting sensitive information
While passwords can provide some protection against hackers, they’ve often proven to be a weak barrier or just a speed bump against criminals trying to access your information. A recent study by Digital Shadows, a digital risk protection company, found evidence of approximately 15 billion passwords and logins floating around the dark web as a result of 100,000 data breaches. These passwords are up for sale to other cybercriminals, potentially providing them with access to the victims’ financial accounts, credit card information, Social Security data and more.
In addition to opening up the door to sensitive information, a single password can give the hacker entry into a victim’s private life. For example, by hacking into a victim’s Google password, the cybercriminal now has access to their email history, which can include important correspondence and other information; calendar, which can provide a complete picture of the victim’s upcoming events and meetings; YouTube account, which unlocks the victim’s viewing history and uploads, and any other apps that allow users to sign in with a Google account, such as Asana and Mint.
Unfortunately, passwords can be cracked by amateur hackers, even without a data breach. Many consumers make it even easier for hackers to break into their accounts by using weak, ineffective passwords that are simple to guess, and by using the same password across multiple accounts. For these reasons, using MFA when available — especially for accounts that store highly sensitive information — is crucial for ongoing security and protection. This way, in the event of a data breach or hack providing a criminal with your password or login credentials, your information will still be protected. Without access to your account’s second factor for authentication, the hacker has no way to gain entry into your account.
Where you may encounter MFA
In general, the more sensitive the data an account stores, the stronger security measures the company hosting or providing the account will use. Consequently, you’re most likely to encounter MFA on banking apps and accounts, money management apps, investment apps and the like. Depending on your line of work, you may also need to use MFA to sign into your personal workplace account. Finally, some retailers may offer clients the option of using MFA to sign into their accounts.
Under each of these and similar circumstances, using MFA means a login time that’s a bit longer and more complicated than just inputting a password or PIN. However, measuring this inconvenience against the time, stress, and money it will take to recover from a potential data breach makes it more than worth the extra few minutes.
« Return to "Blog"