Multi-factor authentication (MFA)

What is Multi-factor authentication?

When signing into your online accounts, you go through an authentication process to prove who you are. You usually do this with a username and password.

However, a username and password is not always enough; usernames can be easy to guess. Your work email address could be firstname.surname@company.com, so anyone who knows your full name try and log in as you. Also, passwords can be hard to remember so people tend to pick simple ones, or use the same password across multiple sites. Companies ask for increasingly complex passwords because it makes it more difficult for someone to guess, or have a program work through the dictionary.

Most large websites include a way to add additional security. Sometimes called Two-step verification or Multi-factor authentication.

When you sign in to the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need something else, a second factor. This is an extra, secure way to prove who you are.

While it's up to you to decide if you wish to use Multi-factor authentication (MFA), It's strongly recommended you have it enabled anywhere its available. Banks, mobile phone operators, social media accounts, large shopping websites like Amazon as well as other organisations such as Google, Microsoft, Apple all have the option to enable this extra factor. This helps ensure your accounts are as secure as they can be. This is in addition to using unique strong passwords on accounts.

Configuring multi-factor authentication (MFA)

Octa Verify sends push notifications to your mobile for you to approve.

Select the security method:

• Google Authenticator.

• Okta Verify.

How to use multi-factor authentication (MFA)

• How to use Google Authenticator for verification.

• How to use a Okta Verify for verification.

Good to know...

• When creating a password, make it unique and something not used on other sites.

• Most attackers don't get access to the password on the site they are trying to gain access to, they get it from another website (for example a forum or small self hosted web shop) . They then try and use it on other websites to see if its works.

• Passwords should use three random words or a sentence.

• Where it's available, you should enable multi factor authentication (MFA) or two factor authentication (2FA).

• Facebook, instagram, banking, and amazon are a few of the sites offering MFA or 2FA.

• National Cyber Security Centre Guide: The logic of using three random words for strong passwords and why the NCSC advises the approach. External website