Why Multi-Factor Authentication Is Critical To Stopping Hackers From Getting Into Your Accounts
2 minute read | Last updated 4-Feb-2022 | 
Security, Ship30for30
A recent study from Microsoft showed that only 22% of the Azure Active Directory customers are using multi-factor authentication. That’s a much better result than Twitter, which after a major push had 2.3% of their accounts enable this feature.
What Is Multi-Factor Authentication?
Authentication is the term the security community uses to to verify who you are. To do that, we usually ask you to provide at least one of the following;
- Something you know
- Something you have
- Something you are
There are called factors.
More sites—like Twitter—ask you for a username and a password. The password is a “something you know” factor.
Passwords Suck
Passwords are a frustrating solution to a really challenge problem. There’s a lot of misconceptions about passwords out there that have built up from a lot of bad implementations.
The tl:dr on passwords is the longer the better. Think passphrase not password.
But, the reality is that passwords can and are regularly compromised. You need a better way to prove that you are in fact, you.
More Factors
Enter two factor (2FA) or multi-factor authentication (MFA). This is when instead of just asking for one thing you know, the system asks for more proof.
Ideally, these additional factors are in different categories.
Most multi-factor systems use either a smartphone app to generate a unique, temporary code or they text you one. This proves “something you have” …the phone you set up for your second factor.
Stronger Authentication
Adding this second factor adds a little bit of friction to the act of logging in. However, it’s a major frustration for hackers.
It’s so frustrating, that Microsoft claims it’ll stop 99.9% of attacks on user accounts. I don’t know if that number will hold up but it certainly makes compromising your user account significantly harder with minimal effort on your part.
Knowing that, it’s time to take five minutes and setup multi-factor on all of your accounts; like Gmail, Facebook, LinkedIn, and Twitter.