Close this search box.

Written by: Peter Ferraro

Fraud and Authentication Consultant

A recent survey from Tech Radar revealed 60% of respondents reused passwords across multiple accounts. This, combined with passwords that are easily guessed through Brute Force attacks, can open users up to breaches across multiple accounts. But since you signed up for MFA you don’t have to worry, right? Well, no—but it certainly helps!

What is MFA?

MFA, or multifactor authentication, relies on a combination of username, password, and a second factor, typically a code, to authenticate you before accessing digital accounts. Also referred to as 2FA; if you’re in the digital world, you have used MFA before. Typically, if you are sent an SMS text or email with a code that must be entered before logging in you are using a form of MFA.

Challenges with MFA

While all digital users are encouraged to leverage MFA everywhere it’s offered, that doesn’t mean keeping Password1234 or relying on having your mother’s maiden name handy will keep your account safe. Bad actors that get a hold of your device or hijack your SIM card can intercept those SMS text messages, gaining access.

Stolen devices are not the only way bad actors get around MFA; other increasing tactics include “MFA Fatigue” where bad actors will bombard you with push notifications until you approve one. The attacker hopes you click “approve” on accident or that you eventually give in to the relentless barrage of messages.

What can you do?

Experts recommend always enabling MFA when registering online. In addition:

  • Create strong passwords or let a password manager suggest one for you
  • Never repeat passwords across sites
  • Leverage password managers to help store and remember passwords eliminating the need to write them down
  • Consider having MFA codes sent to an email that requires a separate login rather than SMS text
  • Regularly change passwords

Still stuck? Use an Apple or Google password generator to get suggested strong passwords or check out Apple’s new security token feature released in OS 16.3.

If you haven’t already, review your online accounts (even those you don’t use often), strengthen those weak passwords, sign up for MFA, and—where necessary—take some extra steps to keep your accounts secure.

Passwordless Authentication

What can we look forward to with authentication? Experts expect to see more passwordless authentication methods to be made available including device, facial, retina, and voice recognition solutions in addition to MFA.

For more information on the research supporting this article, read the Authentication Landscape Whitepaper →