Multi-Factor Authentication: A Simple Guide

TL;DR

Add an extra layer of security to your accounts with multi-factor authentication (MFA). This means you’ll need more than just a password – usually something you have (like a phone) and something you know (your password).

1. Understand Multi-Factor Authentication

MFA makes it much harder for hackers to get into your accounts, even if they steal your password. Here’s how it works:

• Something You Know: Your usual password.
• Something You Have: A code sent to your phone (SMS or authenticator app), a security key, or a push notification.
• Something You Are: Biometrics like fingerprint scanning or facial recognition (less common).

We’ll focus on the most common method – using an authenticator app.

2. Choose Your MFA Method

There are a few options:

• SMS Codes: Convenient, but less secure as SMS messages can be intercepted.
• Authenticator Apps (Recommended): More secure than SMS. Popular choices include Google Authenticator, Microsoft Authenticator, and Authy.
• Security Keys (Most Secure): Physical devices that plug into your computer or connect via Bluetooth.

For most people, an authenticator app is the best balance of security and convenience.

3. Set Up MFA on Your Accounts

1. Find the Security Settings: Log into your account (e.g., Google, Facebook, bank). Look for “Security,” “Privacy & Security,” or similar settings.
2. Enable Two-Factor Authentication/MFA: The wording varies depending on the service.
3. Choose Your App: Select “Authenticator app” as your method.
4. Scan the QR Code: Open your authenticator app and scan the QR code displayed on the website. This links the account to the app.
5. Enter the Verification Code: The app will generate a 6-digit code. Enter this code into the website to confirm setup.
6. Save Recovery Codes: You’ll be given recovery codes (usually a list of one-time use codes). Store these in a safe place! These are essential if you lose access to your phone or authenticator app.

Example setup for Google:

Go to myaccount.google.com → Security → 2-Step Verification → Get Started → Choose Authenticator App

4. Using MFA When Logging In

1. Enter Your Password: As usual.
2. Enter the Code from Your App: Open your authenticator app and enter the current 6-digit code for that account. The codes change every 30 seconds or so.

If you have a new phone, you’ll need to re-scan the QR code on each account.

5. What if You Lose Your Phone?

• Use Recovery Codes: Enter one of your saved recovery codes when prompted for a verification code.
• Contact Support: If you don’t have recovery codes, contact the service’s support team to regain access to your account. You’ll likely need to provide proof of identity.

6. Best Practices

• Enable MFA Everywhere: Turn it on for all important accounts (email, banking, social media).
• Use a Strong Password Manager: Helps you create and store unique, strong passwords.
• Keep Your Recovery Codes Safe: Store them offline in a secure location.
• Be Aware of Phishing: Hackers may try to trick you into giving them your MFA codes. Never share codes with anyone.