MFA, Multi-Factor Authentication, is a security enhancement that requires two or more different forms of authentication to gain access to an account. These forms can be something you know (your password or PIN), something you have (a smart card or key), or something you are (your fingerprint or eye scan).

MFA is a hot topic these days in the IT world. With hacking attempts consistently on the rise, it is becoming increasingly important to secure online accounts and data as much as possible.

Last year, internal Microsoft users who enabled MFA blocked around 99.9% of automated attacks against their Microsoft accounts.

So we know MFA is important and effective, but what do the experts say about how to use MFA?

Microsoft is urging users to stop using SMS text and voice calls for MFA.

Experts know that telephone networks are prone to security issues:

  • SMS and voice calls are transmitted in cleartext and can easily be intercepted by the bad guys.
  • There are also readily available phishing tools that can quickly grab SMS-based one-time codes.
  • Phone network employees can also be tricked into transferring a phone number to a bad guy’s SIM card, a technique called SIM swapping, which lets attackers receive the MFA codes intended for their victims.

A more secure option is app-based MFA, like Microsoft’s Authenticator app.

The most secure option is a hardware security key.

But always keep in mind that some type of MFA is better than no MFA.