Why enable MFA on your personal accounts?
TL;DR: You should enable MFA when you can to protect your accounts from the bad guys (and yes, they are after your accounts too, it doesn't matter who you are or are not).
Two-factor authentication (2FA) or multi-factor authentication (MFA) is a security mechanism that requires two (2FA) or more (MFA) methods to verify your identity. This is to make it more difficult for bad guys to access your account and your data.
Typically, it's spread between different categories:
- Something you know: e.g., your password
- Something you have: e.g., your device, phone or security key
- Something you are: e.g., beautiful, I mean, your fingerprint or face
Factors like a six-digit code sent to your phone via an SMS, or displayed in an app such as Google/Microsoft authenticator, are "Something you have", for example.
Not all factors have the same level of security, some are more secure than others (SMS is considered the least secure, for example). But any factor is better than none.
ℹ Additional factors can be used in more advanced solutions, such as your location, activity, behaviour, etc.
Often MFA is required only if you connect from a new device or a new location, for example, giving you the added protection with limited extra effort.
The bottom line is that with all the phishing happening (those nasty emails/messages trying to steal your password) and often less-than-ideal password hygiene (easily guessable or reused passwords), you should enable MFA whenever you can to protect your account and your data.
How to enable MFA on your personal accounts
The process to enable MFA varies between providers, but it is usually straightforward to implement.
How to enable MFA on some of New Zealand's main services providers:
User and email accounts
Social media
Banks and financial services
Australia
New Zealand
Gaming
Anything missing that you think would help? Please let me know and I'll add them.