When you log into a website, you need a username and a password. If this combination is correct, you’ll get to see your data, whatever it is – your emails, chats, social media content, etc. It is pretty safe since only you have your password.
But what if someone else gets hold of that password for any reason? Maybe they saw you type the password. Maybe they installed a keylogger on your system. Maybe you casually blurted it out in a bar. Maybe you had scribbled it down on a piece of paper and someone read it.
Whatever the reason is, once they have your password, they have access to your account. And you won’t even get to know about it. They’d be reading all your emails, chats, or other activities, and you would have no clue that someone else can see whatever you’re doing.
Even if you do change your passwords frequently, how safe are you? Let’s say you change your password every week – and let’s be honest here, this is overkill. Most of us have had the same password since 2002.
But okay, let’s just say you change your password every week. That means the hacker has one week to read your chats or emails before you change the password and limit their access. One week is a long time. In that time, they would have opened all your emails and read all the confidential details.
So what’s the solution?
To make the system more secure, you can use multiple factors instead of just the username-password combination.
Using multi-factor or two-factor authentication, you add more layers of security to the system.
What’s the difference between MFA (Multi-Factor Authentication) and 2FA (Two-Factor Authentication)?
In MFA, there are multiple layers of security. If you use only two layers of security (which is the most common), it is called 2FA.
Let’s take a look at what some other layers can be.
- Knowledge: You provide something you know, such as the answer to a secret question.
- Possession: You provide something that you possess, such as an SMS code sent to your phone.
- Inherence: You provide a unique characteristic, such as a fingerprint or a face scan.
Let’s see how these three factors are used in MFA.
✅ Secret questions
You might have seen some secret questions asked by banking and other finance-related websites. These questions act as another layer of security between your account and a hacker.
When you log into your account using your password, you might see a question that you had set up when you created the account, such as your mother’s maiden name or the name of your first dog.
The more difficult the questions are, the better it is for you. For example, a friend who gets to know your password might not know your second-grade class teacher’s name. And thus they won’t get access to your account.
✅ Emails
You need to use an email address to create your social media account. In some cases, if Facebook detects that another IP is used to access your account, it might send an email for verification. You will get a code by email and you need to enter it on the Facebook website. This is another layer of security.
✅ SMS messages
You can link your phone number with your account and set up 2FA on it. Now whenever you log in using a new device, a code will be sent to your phone. You need to enter that code on the website to verify your account.
This makes sure that if a hacker wants to break into your account, they will need not just your password but also access to your phone. Since this is very hard, hacking the account becomes difficult.
✅ Code generator apps
Apps such as Google Authenticator can be used with an account for setting up another layer of safety. These apps keep generating a new code after a fixed interval (30 seconds for example).
If you access your account from a new device, the account will ask for the code. Open the authenticator app and enter the code that’s currently on it. It expires after 30 seconds, which means a hacker will need your username, password, and access to your phone in THAT time window of 30 seconds, which is not really possible. This makes hacking accounts even more difficult.
✅ Fingerprint scanning
There are several websites that accept fingerprint scans for authentication. You can find the fingerprint scanner on your phone or laptop. If your device doesn’t come with a scanner, you can buy a separate scanner.
✅ Facial recognition
Just like fingerprint scanning, you can use facial recognition to authenticate your account. Voice recognition works in a similar way.
There are several other methods; we have discussed the most common ones used for MFA. The more layers you want to add, the more secure your account becomes.
You can choose the factors you want. There are several of them and you can pick the one according to your preferences.
Problems related to MFA
MFA is secure, yes. But it is also cumbersome. Imagine entering your username and password into Facebook each time you have to use it. Now imagine entering a text you receive on your phone in addition to the username and password.
Extend this to scanning your fingerprint as well. All this to gain access to your Facebook each and every time.
Repeating these steps each time you want access to your account becomes cumbersome, especially when you have to open that account several times a day.
So while MFA provides security, it adds extra steps to a simple process, making it difficult. The solution is pretty simple. A website will prompt you for MFA if you use a different device. So you can set up your account on one device and that becomes trusted.
You can open your account multiple times from that device and you won’t have to enter the details each time. However, when you try to open it from another device, the MFA algorithm will be activated and will ask for the other factors of authentication.
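One way a website can remember a trusted device, as an added example that is not from the original article or any particular site: after a login that passed every factor, the server hands the browser a signed cookie, and later logins skip the extra factors only while that cookie is valid for the same account. The function names, the 30-day lifetime and the key are assumptions.

```python
import hashlib
import hmac

TRUST_SECONDS = 30 * 24 * 3600  # assumed lifetime of a trusted-device cookie
KEY = b"constructed-demo-key"   # constructed; a real server key is random


def issue_device_token(key: bytes, user: str, now: float) -> str:
    """Called after a login that passed every factor on this device."""
    expires = int(now) + TRUST_SECONDS
    payload = f"{user}|{expires}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def needs_mfa(key: bytes, user: str, token, now: float) -> bool:
    """True when the extra factors must be requested for this login."""
    if not token:
        return True  # new device: no cookie at all
    try:
        tok_user, expires, tag = token.rsplit("|", 2)
        expires = int(expires)
    except ValueError:
        return True  # malformed cookie
    expected = hmac.new(key, f"{tok_user}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return True  # forged or altered cookie
    if tok_user != user:
        return True  # cookie was issued for another account
    return now >= expires  # trust has lapsed


if __name__ == "__main__":
    cookie = issue_device_token(KEY, "alice", 1_700_000_000)
    print("same device:", needs_mfa(KEY, "alice", cookie, 1_700_000_100))
    print("new device: ", needs_mfa(KEY, "alice", None, 1_700_000_100))
```

A signed cookie on its own cannot be withdrawn before it expires, so a site that lets you remove a trusted device also has to keep a server-side record of the cookies it has issued.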