Skip to content

Frustration-Free Risk Management

Simplify cybersecurity risk management and tackle your cybersecurity challenges with ease. TRAC automates the tedious risk assessment process and produces customized results that align with regulations, best practices, and your strategic goals.

padlock on top of a laptop.
Cole PontoFebruary 27, 20231 min read

Quick Tip to Keep Hackers Out - Always Verify MFA

Multi-factor authentication is one of the best security tools we can use to protect our information. However, every security feature has its weaknesses. One of the weaknesses of multi-factor authentication is us, the user.

The good news is that we can address that weakness by considering the following two tips when using multi-factor authentication:

  • Tip 1: Only approve a sign-in that you know 100% was you.

    If you cannot verify that you were trying to access the tool requesting authentication, do not approve. For example, if you were not trying to log in to your email but received an approval request, someone is likely trying to get access to your account, don't let them! Deny the access and contact IT, as your credentials may have been stolen. 


  • Tip 2: Don't share MFA codes.

    Some multi-factor authentication methods use codes, often through text messaging, email, or an app. This code is temporary. However, you should still be the only person to use it.

    It is common for cybercriminals to try and convince you over the phone or email to give this information out, sometimes even by impersonating a vendor you know. Just remember, it is never appropriate to give someone your password, and it is never appropriate to give out this authentication code. Both can result in cybercriminals gaining access to your account. 



Remember, while the user can be a significant risk when it comes to cyber attacks, we can also be an incredible benefit to the organization's security. Keep these quick tips in mind, and make sure to reach out with any questions, concerns, or even mistakes that need to be addressed. It's understood that no one is perfect, and we will not catch everything, so do not be afraid to reach out for help!


Cole Ponto

Cole Ponto is a Senior Information Security Consultant at SBS CyberSecurity. He is also an instructor for the SBS Institute, leading the Certified Banking Business Continuity Professional (CBBCP) course.