A study revealed that the average person has 100 passwords. Keeping track of only a few passwords is difficult, never mind 100! But strong passwords aren’t enough.
In our previous blog, we spoke about how to create strong passwords and keep track of them. This next blog looks at the second layer of defence that is so unique to you, a hacker can’t replicate it. Here we’ll talk about multi-factor authentication and why it’s so important to keep your data safe.
What is multi-factor authentication (MFA)?
Firstly, we need to understand what we mean by authentication when it comes to security and how it came about.
The history of passwords goes back a long way and predates computers. The Romans used ‘watchwords’ unique to each unit to prove the soldiers were indeed members. During the alcohol prohibition days of the 1920s, underground speakeasy bars sprang up and required you to say a password to gain entry.
We’re all familiar with websites such as Amazon, Facebook, and Twitter that require you to create an account and protect access to it with a unique user ID (usually your email address) and a password. MFA takes that one step further. Having a strong password is great. Having a second layer of defence is even better.
So even if the attacker knows your password, they won’t be able to access your account without that second factor of authentication. It’s an extra line of defence for you. There are different types of MFA, like:
SMS or email one-time codes
Authenticator apps such as Google Authenticator
Physical security keys such as YubiKeys
Biometric authentication such as TouchID, FaceID, etc.
The National Cyber Security Centre (NCSC) recommends that you set up MFA on your 'important' accounts. These are your high-value accounts, like your banking apps, that could cause a lot of damage if hacked. Your email should also be included. If a cybercriminal can get into your email, they could use it to reset passwords and gain access to other accounts.
Why aren’t passwords enough?
Attackers are constantly trying to breach the security of accounts by getting you to disclose your password. They have many ways to do this, like calling and pretending to be your bank, or sending fake text messages asking you to confirm details.
Once the attacker gets hold of your password, they have access to your accounts, where they could buy products, send money, or even use the data they’ve stolen to impersonate you and commit identity theft. Passwords can also be compromised in a data breach, and attackers can use techniques such as credential stuffing to find out whether the same password is used on multiple websites.
This is where MFA comes in. Even if your password has been compromised, the attacker would be unable to authenticate successfully as you because of the second line of defence – the MFA in place.
When it comes to keeping your data safe, having an extra layer of security is always better. Firstly, make sure you set strong passwords for your various accounts and use a password manager to store all of them. Then set up MFA, such as biometrics or a one-time password, as an added layer of defence.
How does Mettle protect our customers and employees?
Mettle is fully compliant with strong customer authentication (SCA), which is part of the European Union's Payment Services Directive (PSD2). Adopted by the UK, PSD2 is designed to make online payments secure and fit for the digital age.
Mettle’s internal applications are also protected by strong multi-factor authentication. All Mettle members of staff use physical security keys as an authentication factor.