Millions of email addresses and passwords have been exposed by hackers in a data breach incident. Many people have checked their email addresses and confirmed that the exposed credentials were the same ones they are still using (check if you’re affected here).
Though some said that those are just their old email addresses that have been exposed, they cannot erase the fact that the news brought them fear.
The fear of what might happen if someone in the online world made use of their credentials for their own benefit.
Their data are just circulating in the public, waiting to be compromised anytime.
This is only one of the many data security breaches that have already happened worldwide, and there are no signs that they are slowing down.
This just proves that relying solely on strong passwords, no matter how complicated they are, is not enough to ensure account and data protection anymore.
There should be an additional layer of security to keep information secured. Fortunately, that’s where MFA comes in.
What is MFA?
Multi-factor authentication, or MFA for short, is an authentication method that requires two or more authentication factors, or pieces of evidence, before granting access to an account.
Think of MFA like this.
Remember all those Hollywood action movies you watched like Skyfall or the Jason Bourne ones? We’ll use those hacking scenes as references.
Let’s go with Olympus Has Fallen for now.
So, there were these terrorists who wanted to detonate ALL of the nuclear weapons to completely obliterate the United States. They were successful in initiating the process, but they needed a set of codes to completely launch it. They were kind of stuck, so they brutally assaulted the White House people to make them give up the codes.
Now, let’s focus on that code that they’re dying to get their hands on.
That code is the MFA part of security.
It’s making sure that the nuclear launch is indeed an intended action and is being mandated by someone in authority. The right someone.
MFA makes sure that the right person is indeed the one accessing the account or initiating a process.
MFA adds an extra layer of security for data protection.
That code serves as the hard wall that puts a stop to bombing the United States and possibly making the entire world crumble, ending humanity in the end—for you, it’s another wall that stops your account from being breached.
The initial authentication usually comes in the form of username and password. The next authentication asks for another piece of evidence or information – like a one-time code or a fingerprint. The first and succeeding authentications should be provided correctly to be able to access the account.
There are several ways to apply MFA:
- One-time SMS code
- Automated phone call
- App-generated codes
As to how we do it in EmailMeForm, read on.
MFA in EmailMeForm
And because PCI mandates that MFA be enabled on certain systems and processes like Vault, we need our Vault users to comply with this step as well.
How we set up MFA
Here in EmailMeForm, we choose the more secure options—we recommend using the tools Authy and Google Authenticator. They will generate unique codes each time you log in to our app.
We prefer this method over SMS or automated phone call confirmation because app-generated codes are safer: they are NOT DIRECTLY vulnerable to SIM-swapping attacks.
That way, if you ever get targeted by phishing attacks (like those Kristen Stewart and Jennifer Lawrence photo hacks), you don’t get affected easily.
Our MFA can easily be done on all platforms—iPhone, Android, Windows Phone, MacOS, Linux, and Windows. Whichever device you have, you can make use of MFA on your forms.
Every EmailMeForm user has the option to avail of the Vault feature to guarantee added security for collecting credit card information online.
At the same time, we also allow users to have a backup by giving them 10 special unique codes that they can use whenever they can’t log in using the apps for some reason in the future (like when they lose the phone or replace it with a new one).
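To show what happens behind app-generated codes and backup codes, here is an added example (not EmailMeForm's code) of the standard RFC 6238 time-based algorithm that authenticator apps such as Google Authenticator implement, with a server-side check. The `SecondFactor` class, the one-step clock-drift window, and treating each backup code as single use are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1 with RFC 4226 truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

class SecondFactor:
    """Hypothetical per-account server state for the second login step."""

    def __init__(self, secret_b32):
        self.secret = secret_b32
        self.last_step = -1          # newest time step already accepted
        self.backup_hashes = set()   # only hashes are stored server-side

    def issue_backup_codes(self, n=10):
        """Return n fresh codes to show the user once; keep only their hashes."""
        codes = [secrets.token_hex(5) for _ in range(n)]
        self.backup_hashes = {_digest(c) for c in codes}
        return codes

    def verify(self, code, now=None, step=30):
        """Return 'totp', 'backup' or None for a submitted second factor."""
        current = int(time.time() if now is None else now) // step
        for s in (current - 1, current, current + 1):   # tolerate clock drift
            expected = totp(self.secret, s * step, step)
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s   # the same code cannot be replayed
                return "totp"
        if _digest(code) in self.backup_hashes:
            self.backup_hashes.discard(_digest(code))   # assumed single use
            return "backup"
        return None

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    account = SecondFactor(DEMO_SECRET)
    spare = account.issue_backup_codes()
    print(account.verify(totp(DEMO_SECRET, time.time())))      # totp
    print(account.verify(spare[0]), account.verify(spare[0]))  # backup None
```

Because the code depends only on a shared secret and the clock, nothing travels over the phone network, which is why SIM swapping does not directly expose it.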
Now that you know why MFA is a must-have feature and how it immensely contributes to making your data more secure (and a little less hackable), I’d have to believe that you’d say something like this: “MFAs are not too annoying after all, eh?”