Multi-Factor Authentication
WHAT IS MULTI-FACTOR AUTHENTICATION?
Multi-Factor Authentication, sometimes called 2-Factor Authentication, is a method of proving your identity involving something you know (typically a password) and something you have (a phone, a key, etc.)
WHY DO I WANT MULTI-FACTOR AUTHENTICATION?
Multi-Factor Authentication is the strongest protection against phishing, identity-theft, and other account-takeover attacks. Think about your bank. You have a CHIP (in your access card) and a PIN. A thief might steal your wallet, but not get your PIN. They might guess your PIN, but not have your CHIP.
After Google rolled out multi-factor authentication, there were 0 successful phishing attacks against any of its 85,000 employees.
WHAT MULTI-FACTOR METHODS CAN I USE?
Multi-Factor Authentication is something you know, and something you have. So you cannot use a PIN, or personal security question: these do not improve your security.
Methods that can be used include: U2F/WebAuthN/FIDO devices (USB keys), Authentication Apps (e.g. Authy, Google Authenticator, Microsoft Authenticator), web push notification (e.g. mobile phone), SMS (e.g. sim card).
We do not recommend using SMS when other methods are available, it is not as secure.
WHEN SHOULD I USE MULTI-FACTOR AUTHENTICATION?
You should use multi-factor authentication everywhere you have the chance. Enable it on your Google (Gmail) account, on your Amazon, Twitter, Facebook, Apple, LinkedIn, etc. We recommend using an Authenticator App (e.g. Authy) since it is the most universal.