Following last week's announcement from Bailiwick of Guernsey Law Enforcement encouraging businesses to use multi-factor authentication (MFA), we have compiled the following guide to help you through setting up MFA on your online accounts.
What is it?
MFA is another level of security that can help to protect your account should your login details be compromised. Whilst it can be very easy to say "it can't happen to me", even the most careful of online users can be caught out and it's better to be safe than sorry.
Many individuals use passwords that aren't complex enough, or reuse the same password (or slight variations of it) across multiple websites. It's only a matter of time before an online service you use is hacked and your sensitive information finds its way onto the dark web. It's not just small businesses that get hacked: breaches at big players like LinkedIn, Adobe, eBay, MyFitnessPal, Canva and Yahoo are among the most notable of the last decade, with the latter reportedly affecting user accounts numbering in the billions.
The most common approach to MFA is to use the platform's native offering. For example, Facebook will send a text message to your mobile phone. Once activated, when you log in to your Facebook account on a device for the first time, it will send a text message containing a six-digit code to the mobile number on your account. You'll then need to enter this code on Facebook to confirm that it is you logging in and that the device is safe to use for future logins. If you're using a public computer or a device that isn't yours, make sure you don't click "Save this browser", otherwise this browser will be authorised for future logins. If you're using private/incognito browsing or you clear your history, the browser will not be remembered and you'll have to go through the above process the next time you log in.
How do I enable it?
As we mentioned above, most of the big players will have their own ("native") MFA functionality available to you, but we have listed some helpful links below for the most common ones. As a minimum, any website or app you use that holds sensitive information for you or your clients (e.g. card details or personal information) must have MFA activated. If the website doesn't offer it, think very carefully about what information you provide to this service. In fact, here at Resolution IT, if we want to use an online service for storing or transmitting any kind of personal information and it can't offer MFA, then we cannot use it. It's a policy we strongly suggest everyone adopts.
Can't find your online service listed above? Try searching on Google for "[service you use] multi-factor authentication".
What about authenticator apps?
The alternative to native MFA functionality is to use an authenticator app for your iOS or Android device, which is the approach we would recommend. The main ones are Authy, Google Authenticator and Microsoft Authenticator, all of which we have used or currently use.
Start by downloading the app to your device, then connect your online services by following the instructions within the app.
When you log in to a service such as Facebook, you'll need to open your authenticator app, which will provide you with a secure code that usually expires within a short timeframe. You'll then need to enter this code on the service you want to use, within the allotted timeframe, in order to access it.
Need more help getting cyber-secure?
We hope this information is helpful for securing your online accounts. If you need more help getting your business cyber-secure, would like an audit or have any cyber security queries, please contact our dedicated security team directly.