As much as we all love our smart devices, our increasing reliance on them presents a cybersecurity challenge that gets bigger with each passing year. In 2001, the Federal Trade Commission (FTC) received 325,519 reports of fraud, identity theft and other scams. Ten years later in 2011, close to 1.9 million such claims were filed with the FTC. By 2021, the number had ballooned to more than 5.7 million reports. It’s not a coincidence that this rise coincides with an increase in digital technology.
While figures like these can be disheartening and even scary, there are several things you can do to stay safe online and decrease your chance of becoming a cybercrime victim. Multi-Factor Authentication (MFA) is one of them, so let’s make sure you understand what it is and when and how to use it.
What is Multi-Factor Authentication?
Everyone is used to providing a password in order to log into their online accounts. That’s an example of single-factor authentication. In other words, you only need to provide one piece of evidence—your password—that you are the true owner of the account.
Multi-factor authentication requires at least two layers of proof. In most cases, this is your password plus one of the following:
- A one-time code that is sent to you via text, email or phone call
- A biometric scan of your fingerprint or face
Why isn’t a password enough to protect you from hackers?
While passwords do create obstacles for cybercriminals, many hackers can easily break through them. Sometimes they use less sophisticated tactics like these to uncover your password:
- Brute-force attacks: Using a hacking tool to try all combinations of passwords until they find the right one.
- Educated guessing: Gathering information about you via your social posts and digital profile that you might use as part of your password to help them figure it out.
You can protect yourself from this type of crude password cracking by using unique, long and strong passwords for every account. Make sure each one includes a combination of lower- and upper-case letters, numbers and symbols.
At other times, criminals go phishing for passwords, which means they use legitimate sounding emails or texts to convince you to perform tasks like these:
- Click on a link or open a file that installs malicious software, called malware, onto your device, allowing the criminals to gather your passwords as you use them.
- Click on a link that directs you to a website that looks like a legitimate one, such as your financial institution’s site, but that actually gathers your username and password as you log into it.
Once criminals figure out your password, they can gain account access that appears legitimate on the surface.
When should you use MFA?
Cybersecurity experts recommend that you use multi-factor authentication anytime it is available. At a minimum, you should use it with any account that contains information regarding your identity, such as your social security number, or access to your money, such as your debit or credit card number. This includes the following types of accounts:
- Financial: Online or mobile banking, credit card and investment accounts, plus P2P payment apps like Zelle, that criminals could drain if they gain access.
- Online shopping: Any merchant account where you store payment credentials, such as a credit card number, which criminals can use to rack up fraudulent charges.
- Subscription services: Streaming, gaming and news sites that require a credit card or other form of payment be kept on file.
- Other important accounts: Don’t forget about email and social media accounts that criminals could hijack and use to try to scam all your contacts. According to the Identity Theft Resource Center, reports of social media account takeovers grew 1,044% between 2020 and 2021 and 288% from 2021 to 2022.
How do you enable and use MFA?
Most financial institutions will routinely encourage you to sign up for multi-factor authentication as part of their cybersecurity awareness campaigns. Enabling MFA is typically as easy as going to the security settings of your online account, opting in for MFA and selecting your preferred method, i.e., authentication via a one-time code or biometric scan. (Note: Quorum does not require its online and mobile banking users to enable MFA; it is already enabled.)
Once you set up multi-factor authentication on an account, you’ll enter your password to begin the log-in process the same as usual. Instead of taking you directly into your account, you’ll see a message asking you to further verify your identity based on your MFA preferences. For example, if your preference is a text or email code, all you have to do is click on the “send me a code” message. Once you receive the code, you type it into the log-in screen to gain access to your account.
Cybercriminals always look for the easy mark. Enabling multi-factor authentication is one of the simplest ways to protect your accounts, your identity and your money from falling into their hands.
Editor’s note: Quorum is not affiliated with any of the companies mentioned in this article and derives no benefit from these businesses for placement in this article.
Please note: Comments are not monitored for member servicing inquiries and will not be published. If you have a question or comment about a Quorum product or account, please visit quorumfcu.org to submit a query with our Member Service Team. Thank you.