Online security as easy as 1, 2, 3

You may have heard the phrase ‘multi factor authentication’ (or MFA) mentioned when it comes to keeping our online world safe and secure. But what exactly is it?

March 11, 2024

Imagine your online accounts are houses, and your password is the key. But what if someone copies your key? That's where Multi-Factor Authorisation swoops in to save the day!

Multi-factor authentication (MFA) is like having a mega lock on your digital life. It needs more than just the key (your password) to get in. It's like asking for a secret handshake, a special code, or even a fingerprint after you've used your key, making it way tougher for the bad guys to get in.

So, how does MFA work?

It's all about combining different types of security checks, which fall into three main categories:

  • Something you know: This is your password or a PIN. It's the basic 'key' to your account.

  • Something you have: This could be your smartphone. After entering your password, you'll get a message or use this device to prove it's really you trying to get in.

  • Something you are: This sounds like sci-fi, but it's things like your fingerprint, your face, or even your voice. These are unique to you and pretty hard for someone else to copy.

When you use MFA, you're asked for at least two of these things to log in. For example, you might enter your password (something you know) and then receive a code on your phone (something you have) that you need to type in before you can access your account. This way, if a hacker gets your password, they still can't get in without also having your phone or your fingerprint.

Why is Multi-Factor Authentication important?

It's because passwords alone aren't as secure as we'd like them to be. People often choose easy-to-guess passwords or use the same password for multiple accounts, making it easier for hackers to break in. MFA adds those extra layers of security, making your accounts much safer.

It might seem like a bit of a hassle at first, having to take an extra step or two to log in. But just like locking your doors and windows at night, it's a simple habit that can protect you from a lot of potential trouble.

Most of the time, setting up MFA is pretty straightforward. You'll usually find the option in the security settings of your online accounts. It might involve scanning a QR code with your phone, choosing to receive text messages, or setting up a fingerprint scan. Once it's set up, it just becomes part of your routine, like grabbing your keys when you leave the house.

You should turn on MFA wherever possible, starting with your important accounts, such as:

  • User and email accounts, since a cybercriminal with access to your email accounts can reset passwords for your other accounts.

  • Financial services, such as your online banking.

  • Accounts that save or use your payment details (e.g. eBay, Amazon, PayPal).

  • Social media accounts (e.g. Facebook, Instagram).

  • Any other accounts that hold personal information (e.g. myGov).

How to turn on MFA depends on the software or service you are using however the steps are similar for most applications. For more information go to: Turn on MFA

Extra online security tips

  • Don’t click on account sign-in hyperlinks that you received via SMS or emails.

  • Scammers may impersonate your bank or a government department, and trick you into clicking a link and give out information such as your account number, password, or credit card numbers. If you have any doubts about a message or call, contact the organisation directly: visit the official website to find their phone number or to log in to your account via the official website. Do not click any links or contact details given to you in the message.

  • Don’t share MFA codes or approve unknown sign in attempts.

  • Requests for sign in approvals and the security codes that you receive are the system’s way of checking that you are the person who signed in. If you give someone else your MFA code or approve unknown sign in attempts, then someone else might be able to log into your account. Never approve unknown sign in attempts or share your MFA code.

Keep up to date

Make sure that any alternative authentication methods such as your recovery email addresses are at least as secure as the primary one that you use to log into your accounts, and are kept up to date.

Remember to transfer your authenticator when you change devices.

This is some text inside of a div block.
No items found.