Using a Cell Phone To Login? Multifactor Authentication Is Why!

Why do certain websites today request to send a text message with a code to access my account online? The code I enter is just one extra step that makes it harder for me to get to my account. Why do I have to jump through these loops just to access my information?

The institutions are forcing (or in some cases volunteering) you to use multi-factor authentication. Other common names and acronyms include two-factor authentication, 2FA, or MFA. Lets break down each word in multifactor authentication. The word “multi” simply means more than one. “Factor” is a fact or occurrence that contributes to an outcome. Finally, “authentication” is the process of verifying or proving something true. Together, multifactor authentication is using two or more facts to prove something true. The websites and institutions are using facts that you know to prove your identity before allowing you to log into the site.

There are three primary “factors” that assist institution to verify your identity including something you know, something you have, and something you are. Examples of each factor include:

Many having been using multifactor authentication for a while but you may not have realized it. Using a key to lock and unlock a house door, using your fingerprint to access your iPhone, or using a debit card in conjunction with your PIN number are all examples of multifactor authentication.

Multifactor authentication is more prevalent today as many financial and insurance institutions upgrade their information technology and cyber security systems. And why would such institutions want to enforce multifactor authentication? To put it simply, the more factors an institution can use to verify your identity, the more assurance the institution has its authenticating the legitimate account owner. In turn, that means the less likely it is for hackers to access your account, thus preventing the company from having to absorb financial losses

Is multifactor authentication effective? Why you should use multifactor authentication if it’s an option.

There is an observation called Moore’s Law that states every 24 months the performance of a computer or microprocessor chip doubles. Moore’s law had held up over many decades. What does that mean for your password? It means that the same password you have been using for the last 10 years is much easier for hackers to figure out today. Unfortunately, institutions cyber security practices cannot always keep up with the pace of technology change, leaving your account vulnerable. Many bank and brokerage websites still do NOT require you to use a more complex password.

This is where multifactor authentication comes in. When you combine your password with a second factor for authentication, hackers have a much harder time accessing your account! Even though multi factor authentication is a little more work for you, it discourages hacking. Hackers are more likely to target others those who are not using multi factor authentication. Having multifactor authentication is better for cyber security than just having a complex password on its own.

The key point is passwords on their own are easier to break today than what they used to be. And to access your key financial information, hackers do not have to directly go after your account at your institution. Bad guys may attempt to access your email account or online cloud storage account to gain access to your financial data online. Even if hackers gain access to your password from your email account, multifactor authentication makes it much harder to access the second factor, such as your cell phone or your fingerprint, to gain access your account. Typically, you don’t realize when someone steals your username and password, but you do notice when someone steals your iPhone.

So how can you use multifactor authentication in practice?

First, add multifactor authentication to any financial institution, especially where money can be easily transferred into or out of. Think about your brokerage account or IRA at Vanguard, Charles Schwab, Fidelity, or Merrill Lynch. Op for an app you must download and install on your cell phone if possible, like Symantec VIP. Otherwise, select to receive text messages or email communication.

Second, use multifactor authentication to secure your email account. Your email account may be a gold mine for hackers. Email accounts are an excellent gateway for hackers to learn more about you and to gain access to sensitive information. There tends to be more data in your email account than what you think. Use the search feature and type in the last 4 digits of your social security number or your birthdate and see what comes up. You may be surprised with the result. Email providers such as Google allow you to set up multifactor authentication to access your email account. In addition, Google can also send an email to a secondary/backup email address if Google suspects unusual activity.

Third, make sure to use passwords that are at least 10-12 characters and as complex as the institution allows. The longer and more complex your password is, the harder it is for a hackers to figure out. A password manager can help to collect and manage your passwords (a future topic discussion). Also, keep answers to security questions private like you would your passwords. Security questions tend to be “facts” about you that other can find out. Make your answers something different. On the Internet it is not hard to figure out your hometown.

Finally, only use your computer or cell phone at home to access your accounts. Using multifactor authentication really makes you think about the computer you are using to access the information and whether using that device to access your account is a good idea. Let’s say you want to check your friend or family member’s computer. The institution doesn’t recognize the computer you are trying to log in from and sends a text message code to you. But you cannot log in because your cell phone battery is dead. Oops, you cannot log into your account. Multifactor authentication stops and makes you think whether accessing your account on an unfamiliar computer or device is a good idea or not. Unless something is critically important, the answer is probably not. In addition, using the same computer constantly to access your account helps the institutions identify when someone else is trying to access your account. If someone can access your account, the institution will immediately be suspicious of the account access.

Hackers are always looking for new tools, techniques, and practices to gain access to your critical data. Do yourself a favor and evolve your cyber security practices over time also. A little more work to access your account using multifactor authentication means a lot more work for hackers. Let them pass on your account and look for an easier target.