Have you or someone you know been a victim of cyber criminals who have stolen personal and private information? These incidents are becoming more prevalent as security breaches, stolen data, and identity theft are constantly making headlines. With a cyber hack occurring every 36 seconds in the United States, and more than 54% of Americans using only 5 or less different passwords, it’s only a matter of time that you’ll know someone or worse, it will happen to you.
It’s time to consider using multi-factor authentication (MFA), also known as strong authentication or two-factor authentication(2FA). You may see this technology surfacing more and more with accounts you create. Many financial and healthcare organizations require a password and one of the following to log in to an account: call, text or email. Sound familiar? This is multi-factor authentication. And while it takes a few extra steps and a bit more time, your personal accounts which house your personal data are more secure.
According to NIST, multi-factor authentication is defined as a security process that requires more than one method of authentication from independent sources to verify a user’s identity. You use MFA almost every day if you’re swiping your debit card and entering your pin number immediately after. There are three categories your credentials fall into for MFA, something you have (like a smart card), something you know (like a password or pin), and something that is (like your face or fingerprint). The point of MFA is that your credentials must come from two different categories for it to be considered secure. For example, entering two different passwords would not be considered multi-factor.
Multi-factor authentication does not completely prevent being hacked. It is still possible; however, the odds are very low. One of the easiest way MFA is hacked is through texting or a phone call. Hackers will trick consumers into transferring someone else’s phone number to their own phone. It’s call SIM swapping. The hacker will contact the consumer pretending to be their victims, requesting a new SIM with the victim’s number. This then gives them access to any authentication code sent to that number.
Another way MFA could be hacked is through social engineering. A hacker could contact a target posing as their bank before asking to confirm the victim’s identity by quoting the security code that was just sent to them.
In the last few years, MFA has taken a leap in prevention by verifying identities using voice recognition, facial recognition and even fingerprints. Overtime, our smart devices will get more sophisticated, and we will see MFA with iris scanning, which is considered to be the most secure forms of identity authentication.
One of the biggest question consumers face is ‘when should I use multi-factor authentication?’. Taking simple actions to prevent the likelihood of becoming a victim should be top of mind. You should use MFA whenever possible. The more sensitive your data is, like healthcare records or banking information, the more motivated you should be to set up MFA. If the option is available to enable MFA, you should take the initiative to do so to protect identity and your data from cyber criminals.