
Bad Passwords Part 3 - Get your MFA

Erin Patten • May 4, 2022

Get your MFA! 

MFA? Master of Fine Arts degree? 

Nope! Multi-Factor Authorization.  (Much cheaper and arguably more useful, ha.)


In Bad Passwords Part 1 and Part 2, we talked about bad passwords and better passwords - what if I told you there is a way to make those better passwords EVEN BETTER, and that is by adding an extra layer of protection: Multi-Factor Authorization.


Also known as Two-Factor Authorization, or 2FA, MFA is a second layer of security, so even if someone does get past your password, there is another barrier to stop them getting into your account. Like opening a safe to find another, smaller safe inside.



How does it work?


MFA is getting more widely adopted, and you may have been using a form of it already on some of your online accounts.  Basically, after accepting your username and password, MFA requires the user to present a second form of identification, which usually takes one of the following forms:


  • Something you know  – Such as secondary passwords or pre-established answers to questions. (More about this later.)
  • Something you have  – This method uses something you have to generate or receive a short-term, single-use PIN.  In some highly secure systems, this could be a small piece of proprietary hardware like a smart card, a special key fob, or USB drive. More common are the systems that send you a text, call, or email with your PIN, with the idea that an intruder probably doesn't also have access to your phone. These token PINs can be used only once and are voided immediately after use, so even if that message is intercepted, the attacker will not be able to use the information again to access your account.
  • Something you are  – This uses biometric identification to make sure you are you. It can include scanning of eyes or fingerprints, other facial recognition, and voice recognition. Many modern smartphones use this to unlock the phones, through facial or fingerprint scanning.
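
Added example, not part of the original post: one way a service could enforce the short-term, single-use PIN rule described under "Something you have", so that an intercepted PIN is useless once it has been used or has expired. The class name, the 5-minute lifetime, and the 5-guess limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a "short-term" PIN
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per issued PIN


class OneTimePinStore:
    """In-memory record of pending PINs, keyed by account (hypothetical name)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [pin_bytes, expires_at, attempts_left]

    def issue(self, account):
        """Create a random 6-digit PIN to deliver by text, call, or email."""
        pin = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new PIN replaces (and so voids) any older pending one.
        self._pending[account] = [pin.encode(),
                                  self._clock() + CODE_TTL_SECONDS,
                                  MAX_ATTEMPTS]
        return pin

    def verify(self, account, submitted):
        """Return True at most once per issued PIN."""
        entry = self._pending.get(account)
        if entry is None:
            return False                    # nothing pending, or already used
        pin_bytes, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account]      # expired, or too many wrong guesses
            return False
        entry[2] = attempts_left - 1        # count this attempt
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(pin_bytes, submitted.encode()):
            del self._pending[account]      # void immediately after use
            return True
        return False
```
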


If you are able to use MFA on your accounts, DO IT!  The extra security is well worth the extra steps to set it up... with one small caveat:  the Security Questions.  You've seen them before, questions you answer when you set up a new account, for verification in case you forget your password. Usually things like: "What was your high school mascot?" or "What is your mother's maiden name?"  Now they are very necessary - you need to be able to reset passwords! But, they can be a weak spot.  Think about how long it would take you to answer those two questions about one of your coworkers - whether just through conversation, or a look at their Facebook page - the sort of information those questions usually ask is not always secret or hard to find.


So what do you do?  Don't answer them correctly!  Think of them as a secondary password, and choose an answer that is memorable, but inexact.  Think about what information someone else could learn about you, and be sure not to let them use it against you in security questions.


Want to learn more about MFA? Check out CISA's Security Tip: Supplementing Passwords.



As always, if you have any questions or concerns about cybersecurity and/or password management, give us a ring!



This post, like all our posts, is 100% written by a human.
