You'll see this used when signing into online services such as Office 365, an online banking account, and even your social media or favorite online shopping site. With your online accounts, not only do they store your personal information, but once one of these accounts becomes compromised, it can be incredibly easy for criminals to steal more of your information using the compromised account as a vector for accessing previously secure accounts.
When you are prompted to sign into an account, you would enter what you normally do, a username and password. With multi-factor enabled, the system will then prompt you to verify your sign in with the additional authentication method. This is where MFA comes in; you might be prompted to confirm the sign in from your smartphone, from a code in your email, or with a PIN sent to an app on your smartphone.
Once you have verified that it is really you trying to sign in, your account will pull up as normal. You may be prompted to use authentication each time you sign in, or only if there has been a period of inactivity since the last sign in; this is typically set by your administrator.
When authenticating your login, there are a couple different ways to ensure you are who you say you are, some of them incredibly easy to incorporate to your routine. Different methods might use different factors, from direct communication, such as email, phone calls, or texts, to your smartphone, using apps or biometric factors like Apple's Touch ID or Face ID.
One of the easiest ways to authenticate your daily logins is through an app on your smartphone, such as Microsoft Authenticator, Authy, or Google Authenticator. These apps allow you to link your sign-ins and produce revolving, time-based, personal identification numbers to be used at log in to ensure it's really you signing in. This form of MFA is commonly used and is a good way to ensure security for your logins, accounts, and personal information.
Aside from knowledge-based and possession-based authentication, other types include location-based or time-based factors. These only allow a user to log in if their IP address or geolocation matches what is required for the account, or even during a specific time frame that can be set as well. While these are all forms of MFA, the most commonly used are done with knowledge and possession factors.
Sometimes, you might get a notification for an account sign in when you are away from your computer, or not attempting to sign in at all. This is a new form of social engineering attack takes advantage of your account's MFA set up in hopes that you allow access to the attacker.
If you are seeing requests for MFA in your inbox or smartphone and you are not trying to log in, you should take action immediately. Be sure not to accept any of the fraudulent requests. Lock down your account and change your password. Talking to your IT department when being spammed by faulty MFA requests is important in protecting your cybersecurity.
By accepting you will be accessing a service provided by a third-party external to https://www.technicalrs.com/