Student Blog: Trinity Vincent
January 13, 2020
Over the past decade, “MFA” has become something of a buzzword when it comes to privacy. However, you may be left wondering what exactly this is why you should care about it. To start off, the acronym MFA stands for Multi Factor Authentication. This is a security measure that requires you to provide more than one “factor”, or method of identification, to verify who you are. These factors can take any of three forms: something a person knows, something they have, and/or something they are.
For example, when using a credit card you need to know three things: a number, an expiration date, and a PIN. This type of MFA has been around for a while and is nothing new for most people. More recently however, MFA has found various uses on the internet which require a combination of different types of these factors.
With the increased usage of MFA, there are now a number of applications which allow a mobile device user to easily set up and integrate MFA with other services they use or accounts they wish to secure.
These apps use a specific type of MFA called two-factor authentication, which adds a second factor to verify your identity when logging into an account. The first factor is, of course, a strong password.
What these apps add to the equation is something a user has, in addition to the password they already know. The application installed on the phone produces a constantly refreshing passcode that the user must also enter when logging in. This can be accessed by opening the app or via a push notification. Without having their device, which contains the MFA app, the user would be unable to access the code and therefore be unable to log in.
In an effort to become more secure, UT Dallas has recently implemented a such two-factor authentication app called Duo.
Hopefully, you received the information about this and have already signed up for NetIDplus powered by Duo, which is a more secure version of the old NetID system. Duo provides a variety of MFA options to access your account, including a Duo push notification, a phone call, or an SMS passcode. You’ll be prompted to use Duo when accessing more sensitive sites such as your student email, which could be of high value to attackers.
You may be thinking, why do I need MFA? Isn’t this just one more annoying step I have to spend my valuable time on to access the things I need?
The simple answer is that passwords are not enough anymore. Most people use only a few passwords across all services they have signed up for, which increases the likelihood of those few passwords being compromised. In addition, as technology grows more sophisticated, so does hackers’ ability to run cyberattacks and crack traditional methods of security. MFA adds an additional layer that makes it much more difficult for your account to be compromised even if your password is stolen. For example, with UTD’s new Duo security measures, a hacker would have to have stolen your password and gained entry to your mobile device in order to access your account.
Even though using MFA may be an extra hurdle to clear every time you log in, this is a small price to pay for the increased protection of your sensitive personal information and accounts.
Now that you know a bit more about MFA and its benefits, you may want to start using it in other areas as well.
Many social media apps such as Instagram have MFA built in, but not automatically enabled. Check the settings of all the apps you use to see if they support in-app MFA or connection with an MFA app like Duo. Some may use other apps such as Authy or Google Authenticator, and some may simply set up SMS or email push notifications to confirm it’s really you logging in.
The most important apps and websites to try to set up MFA on are those containing especially sensitive info such as banking, healthcare, and email, but it doesn’t hurt to use MFA everywhere you can.
Hackers become more creative every day, but implementing MFA on your accounts is a simple step you can take today to protect yourself from attacks.