As cybersecurity threats continue to escalate, you may have been advised by some of your service providers to use multi-factor authentication (MFA) to safeguard your personal information and sensitive accounts.
While MFA sounds intimidating, the concept behind it is actually simple. MFA basically means using two or more factors or ways to confirm your identity, instead of relying on a single method.
Why is this so important? Employing multiple methods helps increase your cybersecurity and can help protect your money and personal data.
We’ve provided some background information about MFA to help you better understand it, and hopefully feel more comfortable using it.
How MFA Evolved to Improve Security
Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to commit account fraud. To counteract this, authentication methods used to identify account holders also needed to evolve.
Authentication started by relying on something you know to confirm your identity, such as usernames, passwords or security-related answers (such as your mother’s maiden name).
The problem with this approach? Individuals would use the same usernames, passwords or security answers for each of their accounts. So, if a cybercriminal determined this information for your email account, for example, they could use it in a domino effect to gain access to your financial, social media and other sensitive accounts.
Additionally, cyber breaches of major organizations exposed much of this personal information, allowing thieves to hit the data lottery. These fraudsters now have access to millions of records containing personal information, passwords, answers to step-up security questions and much more.
As a result, many institutions concluded this “knowledge-based” authentication approach was no longer sufficient to prevent financial crimes. They began to include an additional cybersecurity requirement – something you have or physically possess – such as your smart phone or other trusted device.
The drawback to this method? What happens if you lose that device? Or if a security code sent to your phone was intercepted by a cybercriminal in a phone porting or SIM card swapping scam?
Therefore, technology was developed that used something you are to identify you – meaning unique human features such as your fingerprints, eyes, face or voice. This biometric approach is the preferred alternative to passwords. So, for example, instead of typing in your password, you just hold up your phone to scan your face.