When we need to gain access to something that’s been locked or restricted, we go through a process called “authentication”. There are only three kinds of authentication:
- Something we know, such as a username and password
- Something we have, such as a house key, a passport, a cell phone, etc.
- Something we are, such as your fingerprints, face scan, voice match, etc.
In the world of technology, each different kind of authentication is known as a “factor.” For example, providing our username and password is considered a “single-factor” authentication request because it only challenges us to provide something that we know.
Single-factor authentication protection is very weak. This is why we strongly urge you to use two or more factors of authentication to secure your online accounts. This is known as “multi-factor” authentication or MFA.
Having MFA in place means that access isn’t granted to our digital accounts unless we can provide two (or more) different kinds of authentication.
After upgrading my email account to use two different factors of authentication, gaining access to my emails is now nearly impossible for anyone who isn’t me. That’s because I not only need to know my username and password, but I also need to have an app on my smartphone provide me with a six-digit challenge code.
That challenge code changes every 30 seconds.
This is where the power of MFA shines. Because while it’s relatively easy to steal someone’s username/password, it’s essentially impossible to gain access to my physical smartphone with that rotating code. In 2017, Google deployed a form of MFA to 85,000 of its own employees and it stopped 100 percent of all account takeovers.
By default, access to our most critical digital accounts — email, social media, online shopping accounts, Apple ID, file-sharing services and much more — only requires a single factor of authentication. That makes gaining unauthorized access to our accounts unacceptably easy.
We think everyone deserves more security and privacy, so here’s our recommendation for how to set up MFA in the easiest way possible: simply download and use the free Authy app, available for both iOS and Android. Authy is easy-to-use and its website is a treasure trove of up-to-date guides for how to add MFA to each of your most precious accounts.
When you first open Authy, it walks you through setting up your account. Once you’re ready to begin, find the account guide you’ll need from Authy’s website. When you’re ready, press the “Add Account” button as shown in the image at left. Clicking that button tells Authy to scan a square code (known as a “QR” code), shown in the image at right:
Once scanned, Authy adds an account to match the kind of account you’ve added. If you’re adding Stripe, Discord, or Gmail, for example, Authy knows to use those logos as shown above at left. This makes your second factor of authentication easy to find.
Then, the next time you log into one of the accounts you’ve secured with MFA, you’ll be asked for a six-digit challenge code. Open Authy, find the account in question, and enter the six-digit code. These codes only last for 30 seconds before changing and include a countdown clock, for convenience.
Need to use MFA while on your smartphone or tablet? No worries: use Authy’s handy copy feature to easily copy/paste your six-digit code into other applications on your mobile device.
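How a rotating six-digit code like the one described above can be derived and checked, as an added example (not from the original article, and not Authy's own code). It assumes the codes follow the standard TOTP scheme (RFC 6238, HMAC-SHA1), which the article does not name; the secret is the RFC's published test key, and `totp`, `verify` and `seconds_remaining` are illustrative names.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the challenge code

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
# In TOTP, the QR code scanned at enrolment is what hands this secret to the app.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, now: float) -> str:
    """Code for the 30-second window containing `now` (seconds since epoch)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int(now // STEP)                       # window number
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, now: float, drift_windows: int = 1) -> bool:
    """Server-side check: accept the current window plus a little clock drift.

    Every candidate is compared in constant time, so response timing does not
    reveal which window (if any) matched.
    """
    ok = False
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(secret_b32, now + w * STEP)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def seconds_remaining(now: float) -> int:
    """The countdown shown next to the code."""
    return STEP - int(now) % STEP


if __name__ == "__main__":
    t = time.time()
    code = totp(SAMPLE_SECRET, t)
    print(f"code {code}, valid for {seconds_remaining(t)}s more")
    print("accepted now:", verify(SAMPLE_SECRET, code, t))
    print("accepted 2 minutes later:", verify(SAMPLE_SECRET, code, t + 120))
```

A stolen password alone fails this check because the code depends on the secret held by the phone, and a code that is observed once stops being accepted after the drift allowance passes.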
Consider adding MFA to every account where a breach might harm your social life, finances, or employment.
Zoom: Although Authy offers no guide for adding MFA to your Zoom account, Zoom does. Just use the directions on their webpage to learn how.
Apple: Apple uses an MFA process that doesn’t work with Authy. While that’s an inconvenience, you should still use it. Use Apple’s webpage to learn how. One nice benefit to Apple’s system is that it provides a map, showing where the login request is coming from as shown here:
If you don’t live in San Jose, California, then you should obviously NOT ALLOW that request. Assume that someone has captured, stolen, or discovered your first factor of authentication — your username and passcode — and change them immediately.
Lastly, if you’re not sure whether your online account offers MFA, check out twofactorauth.org. Not only can you search by category, but every listing for those companies which do offer MFA points to a webpage guide which explains how to set it up.
Keep it safe!
Read our overview “Secure Your Digital Accounts”.