Dealing with Cyber Threats: The Evolution of Authentication

Oct 9, 2023

Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to infiltrate your accounts.

Key Takeaways

  • Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to commit account fraud.
  • Multi-Factor Authentication (MFA) provides additional verification—beyond your username and password—to confirm your identity and protect access to your accounts. 
  • Morgan Stanley offers MFA options, such as one-time passwords, voice identification and compatibility with authenticator apps and security keys.

As cybersecurity threats continue to escalate, you may have been advised by some of your service providers to use multi-factor authentication (MFA) to safeguard your personal information and sensitive accounts.


While MFA sounds intimidating, the concept behind it is actually simple. MFA basically means using two or more factors or ways to confirm your identity, instead of relying on a single method.


Why is this so important? Employing multiple methods helps increase your cybersecurity and can help protect your money and personal data.


We’ve provided some background information about MFA to help you better understand it, and hopefully feel more comfortable using it.

How MFA Evolved to Improve Security

Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to commit account fraud.  To counteract this, authentication methods used to identify account holders also needed to evolve.


Authentication started by relying on something you know to confirm your identity, such as usernames, passwords or security-related answers (such as your mother’s maiden name).


The problem with this approach? Individuals would use the same usernames, passwords or security answers for each of their accounts. So, if a cybercriminal determined this information for your email account, for example, they could use it in a domino effect to gain access to your financial, social media and other sensitive accounts.


Additionally, cyber breaches of major organizations exposed much of this personal information, allowing thieves to hit the data lottery. These fraudsters now have access to millions of records containing personal information, passwords, answers to step-up security questions and much more. 


As a result, many institutions concluded this “knowledge-based” authentication approach was no longer sufficient to prevent financial crimes. They began to include an additional cybersecurity requirement – something you have or physically possess – such as your smart phone or other trusted device.


The drawback to this method? What happens if you lose that device? Or if a security code sent to your phone was intercepted by a cybercriminal in a phone porting or SIM card swapping scam?


Therefore, technology was developed that used something you are to identify you – meaning unique human features such as your fingerprints, eyes, face or voice. This biometric approach is the preferred alternative to passwords. So, for example, instead of typing in your password, you just hold up your phone to scan your face. 

Protecting Your Internet Security Through MFA

Again, the best approach is to use a layered strategy that uses two or more ways to verify your identity. At Morgan Stanley, we’ve invested in several forms of MFA to protect your assets and personal data:

  1. 1
    Device recognition:

    Allows you to indicate which of your devices are trusted to handle your financial transactions and communications.

  2. 2
    Push notifications:

    Enables you to receive an alert on your trusted device if we detect a login attempt to your accounts from another device.

  3. 3
    Voice identification:

    Uses a voice print (like a fingerprint) to confirm your identity when you speak to a Morgan Stanley representative by phone.

  4. 4

    Uses facial or touch recognition when using our mobile app in place of a password to confirm your identity.

The Latest Advancements in MFA

For even stronger account protection, we’ve recently introduced two newer forms of MFA: an authenticator app and security keys.


An authenticator app is a third-party application that verifies your identity when you log in to access your accounts on Morgan Stanley Online or our Mobile App. It’s a fast, simple process. When prompted to confirm your identity, you’ll open your authenticator app and retrieve a security code. You’ll then enter the code and click “Authorize” to verify your session.


You can download the authenticator app from your device’s app store. The app is free and is compatible with phone and tablet devices. You can take advantage of this added protection even without cell service and when traveling internationally.


A security key is a small device that resembles a USB thumb drive. Security keys are considered the strongest form of “something-you-have” MFA currently available.


The same key can safeguard your email, social media, banking and other sensitive accounts as long as those account providers offer this technology. So, you won’t need a separate key for each account. (Morgan Stanley supports FIDO2 or U2F keys.)


Using a security key for your sensitive logins will also grant you greater protection from internet scams, such as fake sites implemented by cybercriminals to steal your login information. These phony sites often look so identical to the real site that it’s difficult for unsuspecting users to notice the difference.

Keeping Your Accounts Secure

When it comes to account security, there’s definitely strength in numbers. Make sure to use a layered approach that relies on multiple ways to identify you with all your financial accounts.

Security Center

Learn how to protect yourself.

Find a Financial Advisor, Branch and Private Wealth Advisor near you. 

Check the background of Our Firm and Investment Professionals on FINRA's Broker/Check.

More Stories

Explore more from Morgan Stanley:

Report an Online Security Concern

If you suspect you may be the victim of fraud or identity theft, or if you notice suspicious account activity or receive a questionable email or text that appears to be from Morgan Stanley, please contact us immediately at
(24 hours a day, 7 days a week)
For international clients, please contact your Morgan Stanley Client Representative immediately to report any online fraud or security concerns.