Let’s chat about multi-factor authentication, many years ago having a single simple password for all your sites was common practice. As the Internet has grown up so have the mischievous behaviors of others. Today you must enable multi-factor where possible, I strongly urge you to do so. The headache of dealing with a lost account or taken over account is a major pain! Depending on the account it could be financially or emotionally painful.
Call to Action
First – Ensure you have multi-factor enabled is your email account. Why you may ask, most websites allow you to reset your password by sending you an email. This makes your email account one of the most valuable passwords you have.
Second – Ensure the sites you shop at are using multi-factor, think Amazon, Walmart.com and others.
Third- Ensure your social media accounts have multi-factor enabled. Who wants someone to get a hold of their social media account and have access to send wild things to all your friends. or to take over your identity.
Finally – As you visit sites and notice you don’t have multi-factor make sure that you enable multi-factor if possible.
Want to know more?
The idea of two-factor and multi-factor fall in to several categories and you must have two or more to become multi-factor.
Something you know, in this case a password or pin code.
Something you are, think fingerprint, facial id or retina.
Something you have, think a phone with a text message, a time based fob or code, Yubi key, and card keys. Something to think about in regards to the something you have is how easy can someone else gain access to that item, most modern one-time time based token applications like Microsoft Authenticator can enable face ID or a password to show the code, this helps secure the something we have making it a higher assurance level.
Here is a great write up from CISA which is Americas Cyber Defense Agency: https://www.cisa.gov/MFA