Risk – Part 4: Do I really need to enable 2FA or MFA?

Nathan MaxwellOur InsightsLeave a Comment

You likely have heard the terms 2FA or MFA. Both are thrown around and you’ve probably seen them as an option you can enable in different accounts online. But how do they directly affect you and does it really make a difference?

Well, let’s give a scenario and then look into the specifics of MFA.

Meet Greg. He is a small business owner and just finished setting up his email with GSuite (email provider). Greg saw CCI’s video about proper password management, so he was very structured with creating his passwords. Right before Greg finished setting up the accounts, he noticed an option to turn on MFA or 2FA, but he thought, I have no idea what that means, so I’ll just skip it and Google will tell me later if I need it. He skipped past that step and went on with his life of being a business owner.

A few weeks later, Greg got a phone call from Tony, his best friend, saying that he received an email from Greg with several links that looked suspicious. Curious to know what Tony was talking about, Greg tried to access his email, only to find out he had been hacked. The hacker had taken over his email account and was sending out spam emails, causing a major breach of trust to his clients.

In a panic, Greg called Google to try to get this issue fixed, and after a few stressful hours, he was able to log back into his account. At the end of the call, he asked an important question, “How do I prevent this from happening again?”

One of the main solutions to keep this from happening in the future is two-factor authentication (2FA), otherwise known as multi-factor authentication (MFA). MFA is the process where after signing into an account, you then have to either type in an additional security code that is texted to you, generated by an app on your phone, or click the ‘approve’ button from your phone. This prevents a hacker from getting (by guessing, hacking or related ways) your password and accessing your account because even if he/she knew your password, they would need approval from your phone as well.

In Greg’s case, MFA would have saved him a large amount of time because he would have declined the sign-in right when the hacker was trying to access his account.

Join Greg in enabling MFA across all your accounts to protect yourself from a hack.
Have questions about how to go about doing this? Reach out, and we’d love the opportunity to share how to enable MFA for your organization.

Leave a Reply

Your email address will not be published. Required fields are marked *