Benefits of multi-factor authentication
While a password can be used anywhere, factors like a fingerprint are something only you have. So, even if a cyber-criminal gets your password, they still don’t have everything they need to get into your account. Just adding that extra step to the login process, especially using something that is not generally reproducible, makes your accounts and devices that much more secure.
Types of multi-factor authentication
While any extra protection is a good idea, some forms of multi-factor authentication are more secure than others. We have listed them below from least to most secure.
Text message or email
Two-step verification using a text message is the most common form of multi-factor authentication, but is not very secure. These messages are often visible on your phone’s lock screen. There has also been a rise in hackers attacking phones, phone numbers or messaging centres within mobile networks, enabling access to a phone’s apps, messages and more. Email is even less secure. With this method, you could be vulnerable to a phishing attack if your account has already been compromised. This is where a criminal tricks you into giving personal information by sending you an email that looks legitimate.
A more secure form of authentication is token-based, which creates a single-use login code. Popular apps include Authy, Google Authenticator and Microsoft Authenticator, which generate a one-time code every 30 seconds. Some password managers, like 1Password, also offer the service. These are more secure, as it is less likely for a hacker to get onto your device and generate a code than to access your online accounts.
Hardware tokens are physical devices that look like a USB or keychain. You plug it in to your computer to generate a one-time passcode. This is a more secure choice, as the passcode is not sent over the internet.
Biometrics are biological measurements or physical characteristics, such as a fingerprint, speech patterns or facial structure, which can be used to identify an individual. While using biometrics may seem like something Tom Cruise would do in one of the 17 Mission Impossible movies, their use is becoming more common. Some banks use voice recognition to verify your identity when you call them, analyzing aspects like your accent and rhythm. When you use your thumbprint to open your smartphone, that is biometrics too. It is very difficult for hackers to interfere with biometric forms of authentication.
Take our free course: Cybersecurity for remote workers
We’re offering a free online course that covers cybersecurity basics while working remotely.
You may also be interested in learning more about CIRA Cybersecurity Services that are helping protect Canadians against cyber threats, including Canadian Shieldand atraining program and platform for businesses and organizations.