Multi-factor authentication is one of the best security tools we can use to protect our information. However, every security feature has its weaknesses. One of the weaknesses of multi-factor authentication is us, the user.
The good news is that we can address that weakness by considering the following two tips when using multi-factor authentication:
- Tip 1: Only approve a sign-in that you know 100% was you.
If you cannot verify that you were trying to access the tool requesting authentication, do not approve. For example, if you were not trying to log in to your email but received an approval request, someone is likely trying to get access to your account, don't let them! Deny the access and contact IT, as your credentials may have been stolen.
- Tip 2: Don't share MFA codes.
Some multi-factor authentication methods use codes, often through text messaging, email, or an app. This code is temporary. However, you should still be the only person to use it.
It is common for cybercriminals to try and convince you over the phone or email to give this information out, sometimes even by impersonating a vendor you know. Just remember, it is never appropriate to give someone your password, and it is never appropriate to give out this authentication code. Both can result in cybercriminals gaining access to your account.
Remember, while the user can be a significant risk when it comes to cyber attacks, we can also be an incredible benefit to the organization's security. Keep these quick tips in mind, and make sure to reach out with any questions, concerns, or even mistakes that need to be addressed. It's understood that no one is perfect, and we will not catch everything, so do not be afraid to reach out for help!
Cole Ponto, CDPSE
Information Security Consultant - SBS CyberSecurity
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.