The Best Two Factor Authentication Methods

MFA, (Multi-Factor Authentication).

You’ve heard of it by now. You’ve probably even read about a cyberattack (or thousands of them) that could have been prevented had MFA been turned on.

The reality is, passwords as a single layer of security are no longer a trusted method and should be reinforced with a multi-factor authentication method. Multi-Factor Authentication is an added layer of security aside from the standard username/password requirement. In addition to entering in their username/password, users will be required to verify their identity via a text message or authentication app.

So What is Two-Factor Authentication and How is it Different than MFA?

Sometimes referred to as 2FA (we know, us techies and our acronyms;), it’s just a subset of MFA and utilizes 2 factors (examples below) to verify the user’s identity (whereas MFA could require two or more factors).

Common Multi-Factor Verification Methods

Text Message or Phone Calls

This is the quickest and most convenient verification method, but not the most secure. This system allows you to set up your cell phone as the verification method so that you can receive a text message or phone call with a one-time code to enter. People would need to have their phones in hand to bypass the second verification step. However, hackers have refined the methods they use, so this is not a verification method we recommend. Attackers can gain access to codes through a SIM swap and even intercept, phish, and spoof your texts.

Authenticator Apps

There are downloadable authenticator applications that will generate a new code every 30 seconds for accounts. Some of the best authenticator apps are Authy, Google Authenticator, and Microsoft Authenticator. Download the authenticator app of your choice, scan the QR codes when adding new accounts (think Amazon, email, banking), and use the generated codes whenever you need to log in anywhere.

Backup Codes

We don’t know many people who leave their house without their cell phone or plan to be without it for a while, but in the off chance you have to manage either of those scenarios, you can use a backup code for 2-step verification when trying to log into an account. Depending on the account, most backup codes can be found in Personal settings under the security menu. From here, you can print off backup codes to take with you on the go and use at your convenience.

Security Keys

This is the most secure form of 2-step verification, and it protects against phishing threats. Depending on which security key you are using such as hardware, Titan, or your phone’s built-in security key, users can set up their account so that devices detect the security key associated with your account. Connect your security key to your device and use it to log in.

Account Prompts or Push Notifications

This method is simple and straightforward. Some accounts, like Google, will ask you if you are “Trying to sign in?” which you’ll confirm by tapping on your mobile device. This method is easy and quicker than entering in a verification code. This same process is applied to push notifications. Depending on your setup, you can receive a push notification to your device asking to confirm the log-in attempt.

Widespread data breaches are a common occurrence, so single sign-on methods are no longer a trusted form of security. A few minutes of your day setting up 2-factor authentication will save you hours of headache down the road trying to manage a breach of your data.

If you or your organization needs assistance with setting up MFA, please contact a member of our team today, and we’ll help you get started.

Lexington Geek provides comprehensive managed IT services for a diverse range of businesses and non-profit organizations. We are passionate about IT and love what we do!

Stay updated by signing up for our newsletter