Multi-Factor Authentication (MFA) sounds like a complicated term to understand, but it’s something you’re probably already doing every time you try to log into your bank account online or sign-up for a new account.
MFA’s primary purpose is to confirm your identity – or to check if you’re really who you say you are. In order to do this, multiple factors (or credentials) are involved to authenticate your identity. So without MFA, your log-in process would only be entering your username and password. With MFA, however, you might be asked to input a One-Time Pin (OTP) sent to your phone as well.
There are three basic factors for authentication: something you have, something you know, or something you are.
Something you have could be an ATM card or your mobile phone, while something you know could be a PIN number, a pass code, or a pattern. On a spy-movie level of identification is the “something you are” – biometrics. This could be your fingerprint, voice print, or even your face (think Apple’s Face ID system).
Some would also add that location and time can also be considered as authentication factors. Twitter and Gmail, for example, send notifications when your account has been opened on an unfamiliar device. The alert is created because the location is different from where the device is usually logged into.
When these factors are combined, your levels of security are also increased, because you aren’t relying on just one thing to protect you.
If you’re only counting on your password, most (if not all) hackers are trained to hack through that. Enabling MFA, on the other hand, can deter a certain subset of hackers who are untrained or unequipped for that level of hacking. MFAs are also useful in case the “something you have” (like your ATM card) gets stolen, since completing a transaction requires an OTP. However, it is still best to apprise your bank as soon as your card was stolen.
There are multiple reasons why you should activate your MFA on every app, website, and device, but the main reason is to keep your identity (and your accounts) secure. This is why it’s best to transact on apps that utilize MFA, because even though the process can be tedious, it will still be more secure than without. Remember, taking extra, simple steps can make a difference!
This article is part of the Banker’s Association of the Philippines’ (BAP) #CyberSafe campaign, where the BAP aims to promote awareness in cybersecurity. The campaign will upload new posts tackling common web security questions and issues on Wednesdays and Sundays every week.
For more content on cybersecurity, visit the BAP Official YouTube channel.