Enabling Multi-Factor Authentication: Extra Steps, BIG Safety ROI

Cue the balloon drop and confetti: It’s National Cybersecurity Awareness Month! OK fine, perhaps this national observance is only accompanied by spontaneous dancing in places like your friendly community bank but we do feel it’s a time to shower our valued clients with tips, tricks and ideas to help them be more safe and secure in the online realm. 

Our first weekly tip is about Enabling multi-factor authentication!

We get it: multi-factor authentication (also often referred to as two-factor authentication) adds steps to what can be perceived as an already tedious process. But how often can you say that a few extra seconds of identity confirmation can almost 100 percent eliminate the chance for fraud? Not even kidding: According to Microsoft, this simple tip can “prevent 99.9 percent of attacks on your accounts.”

What Is Multi-Factor Authentication?

So let’s begin with a closer look at multi-factor authentication — which we’ll just call MFA moving forward, to save ourselves keystrokes and to save you valuable reading time.

MFA is a more secure method of authorizing access on business networks and personal devices, and its use is twofold: This is something you can turn on for your own accounts as someone who accesses online services (all the biggies — like Instagram, Facebook, Slack, even your smartphone have made this an option); but it’s also something you can enable as a requirement for your own small business customers in order to access sensitive online services.

The 3 Categories of Multi-Factor Authentication

It’s the job of Sarena Barker, Plumas Bank’s Senior Vice President, Electronic Banking, to help clients protect themselves against fraud. So suffice it to say, she’s a fan of an enabled MFA. And she describes it like this: “When you enable MFA, you’re required to input two out of the three types of credentials — something you know, something you have and something you are.”

Let’s explore these three categories:

1. Something you know is called the knowledge factor (like a password, PIN number or answer to a “security question” — in appropriate air quotes because many of these answers can be easily researched with a quick Googling of your name or review of your public social media presence).
2. Something you have is called the possession factor (tokens, fobs, an ID card — and an increasingly popular random code option, which is often autogenerated and sent to your phone or email).
3. Something you are is called the inherence factor (e.g., a biometric fingerprint, retinal scan or something equally ominous sounding but totally safe given your face likely just opened your phone within the last hour).

“Because one of these required credentials requires physical presence, this step makes it more difficult to hack,” Barker said.

Essentially, there are “threat actors” — also known in more conversational realms as spoony chicken-hearted scammers — constantly seeking to compromise your device or account. MFA is one way to undermine them.

Why One-Factor Authentication (AKA Passwords) Are the Problem

So perhaps this goes without saying, but we’re saying it anyhow: Passwords on their own are super easy to hack. Remember that list of MFA categories above? The first — something you know, also called the knowledge factor — is exactly what a password is. We all have passwords, some that are variations of the same meaningful word or string of words, and we use them prolifically on Netflix, Facebook, Hulu, and everywhere else under the digital sun.

There’s a good chance you’re still using consecutive numbers, favorite movies (starwars anyone?) or sequential keyboard letters like “qwerty,” followed by a few numbers and maybe a special character thrown in for good measure.

Seriously: There are LISTS of common passwords floating around the internet, and every scammer has ’em. And they’re just smart enough to write a quick program that tests each and every variation quickly, meaning, at the end of the day: your password sucks.

Making the Case for MFA

But enabling MFA — while it forces you to take action beyond remembering your favorite child’s birthday — really does have a significant ROI. As Eric Griffith writes in PCMag: “Remember this as you panic over how hard this all sounds: Being secure isn't easy. The bad guys count on you being lax. Implementing MFA will mean it takes a little longer to log in each time on a new device, but it's worth it in the long run to avoid serious theft, be it of your identity, data, or money.”

The scammers are hoping, praying and betting on you to be lazy. It’s time to show them how strong you are.

“The bottom line is that the power is in your hands to prevent fraud before it has a chance to happen — to take a proactive step like enabling MFA before scammers can try to hack your info,” Barker said.

Sure it may require an extra step, but isn’t that better than the dozens of steps you’d have to take to secure a compromised account after the fact? 

You Can #BeCyberSmart

Our goal at Plumas Bank is to empower businesses, individuals, and families with the tools to create a more secure online world. So do you want to join us in celebration of National Cybersecurity Awareness Month? Here’s the best gift you can give us (and yourself): Enable MFA for all your online accounts where it is available. 

For more tips and tricks, stay tuned, as we’re rolling out weekly blogs all month long in which we’re getting down and dirty about the cyber-hygiene insights you didn’t even know you need.

And in the meantime, feel free to explore:

All the Cybersecurity Tea Is Here!