Multi-factor authentication (MFA)

An overview of Multi-factor authentication

Usernames are easy to guess, and passwords are often reused or too simple. This makes accounts vulnerable.

Multi-factor authentication (MFA) adds an extra layer of security. Alongside your password, you use a second step — like a code from an app — to prove your identity.

Most major services (banks, social media, shopping sites, Google, Microsoft, etc.) offer MFA. It’s strongly recommended you enable it wherever possible, along with using strong, unique passwords.

Select the security method you want to activate for your HR account:

Good to know...

• When creating a password, make it unique and something not used on other sites.

• Most attackers do not get access to the password on the site they are trying to gain access to, they get it from another website (for example a forum or small self-hosted web shop) . They then try and use it on other websites to see if its works.

• Passwords should use three random words or a sentence.

• Where it's available, you should enable multi-factor authentication (MFA) or two factor authentication (2FA).

• Facebook, instagram, banking, and amazon are a few of the sites offering MFA or 2FA.

• National Cyber Security Centre Guide: The logic of using three random words for strong passwords and why the NCSC advises the approach External website.