Cybersecurity Awareness Month is celebrated each October as a way to promote safer use of internet technologies and services. Throughout the month, we will be publishing weekly articles about best practices for protecting your accounts. Each week will follow one of the official themes for Cybersecurity Awareness Month 2023. The theme for the this week is multi-factor authentication.
Multi-factor authentication (MFA), also known as two-factor or two-step authentication (2FA), is an additional means of user verification prior to being allowed access to your account. Which accounts does this include? Well, it should include all accounts that you use that offer it as an option.
We’re all familiar with MFA on our Providence College accounts. It’s the use of a text message, phone call, or the Microsoft Authenticator app as a second means of verification after entering our passwords. MFA provides a stronger protection over your account, helping to prevent unauthorized access in the event your password is compromised.
But how can my password be compromised if I never share it?
That’s a great question. Hackers, scammers, and other ne’er-do-wells are constantly at work trying to break into the servers that contain user information from all the biggest internet services out there. Sometimes they succeed, and when they do, they release or sell the account information, which can include usernames, email addresses, and passwords contained on those servers. You can use an online service such as “have i been pwned?” to see if your accounts have been involved in any of these incidents.
MFA might seem like a hassle, but it is a crucial addition to your account to keep access to it out of the wrong hands. You can often find MFA options for accounts on sites such as:
- Online banking
- Social media
- Email accounts
- Healthcare providers
- Businesses
- Password managers
When combined with the strong password recommendations from last week, MFA makes your account nearly impossible to break into. However, you should be aware that not all MFA methods are created equal. The strongest method is an authentication app, such as the Microsoft Authenticator, with text messages, phone calls, and emails being progressively weaker. Verification requests sent to an authentication app are far more difficult to be intercepted than text messages or phone calls or an email to an account that may have been compromised.
Look for MFA, 2FA, two-factor, two-step, or multi-factor authentication options in your account settings for all your internet accounts. And always remember to never reuse the same password across different services.
