I bet most of the people reading this have at some point been asked to associate a mobile or cell phone number with an account, and for those of you who have you receive a text with a special Personal Identification Number (PIN) to be entered after you enter your user ID and Password. Well, that is the hands-on part of a relatively new security feature called Multi Factor Authentication (MFA).
MFA is a process and technology which helps you take additional steps to ensure you are in fact you when logging onto a service, app, or website. There are may forms which it comes in, but I’ll speak to the common types you might see.
-What you know: The notion of security for software and devices is based things a User Knows, that is usually the userID/Password combination. But of course, they can be stolen potentially so of course taking precautions is smart. See my article on Passwords here: https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/
-Who you Are: Security can be enhanced by adding layers to it, you will still need a user ID and Password, but you can add a fingerprint, retina scan, facial recognition etc. Windows/Android/Apple Operating systems all provide for one or multiple additional layers of security in addition to the
-What you Have: Almost everyone who is online has access to a smartphone, so a text can be sent to it to enter a website or service to add another layer of protection. Another example of this is the credit card CVV code- that three- or four-digit code printed on your credit card (Trivia check: “CVV” stands for “Card Verification Value”), that code is not part of your credit card number but can be verified with by a vendor.
–Where you are: Interestingly most devices, even computers, can give location data. Phones have GPS receives built into them but even a desktop computer can give an estimate where it is based on the internet service provider used. It is also possible for a transaction to check where someone is before approving it. Now you can use something like a VPN to get around this, in fact see my article on using a VPN here: https://ericcrichardson.com/2021/01/15/the-ins-and-outs-of-using-a-vpn/amp/
MFA is simply an additional layer of protection for you. My adage is if it is secure that means it’s at least a bit painful sometimes and there are extra steps. Some systems such as Google makes it a bit easier where you sign onto google and just look at your phone and there will be a question pop up on your screen asking if you want to sign in, just click yes. There is a text message being sent to your phone in the background, but it feels much more seamless. This way you are entering a user ID, a Password and you are also having to show you have your phone with you. Now you phone can go missing- yes, but that is why you always must have a code to unlock your phone and it needs to auto-lock, again security being a bit of a pain bit trust me it is well worth it.
Eric C Richardson 