About Multi-Factor Authentication

WHY DO I WANT MULTI-FACTOR AUTHENTICATION?

Multi-Factor Authentication is the strongest protection against phishing, identity-theft, and other account-takeover attacks. Think about your bank. You have a CHIP (in your access card) and a PIN. A thief might steal your wallet, but not get your PIN. They might guess your PIN, but not have your CHIP.

After Google rolled out multi-factor authentication, there were 0 successful phishing attacks against any of its 85,000 employees.

WHEN SHOULD I USE MULTI-FACTOR AUTHENTICATION?

You should use multi-factor authentication everywhere you have the chance. Enable it on your Google (Gmail) account, on your Amazon, Twitter, Facebook, Apple, LinkedIn, etc. We recommend using WebAuthN if available, and Authenticator App (e.g. Authy) since it is the most universal.

WHAT MULTI-FACTOR METHODS CAN I USE?

Multi-Factor Authentication is something you know, and something you have. So you cannot use a PIN, or personal security question: these do not improve your security.

Methods that can be used include: U2F/WebAuthN/FIDO devices (USB keys), Authentication Apps (e.g. Authy, Google Authenticator, Microsoft Authenticator), web push notification (e.g. mobile phone), SMS (e.g. sim card).

We do not recommend using SMS when other methods are available, it is not as secure. WebAuthN (Passkey) can handle push notification to your devices more securely, more privately, more economically.