We continue stressing the importance of good password behavior. Multi-factor authentication (MFA) is also important to protect your business and yourself from a security breach.

Almost every week you hear about another site or app being breached. Many of these breaches are caused by weak or reused passwords (93% according to the 2018 Verizon Data Breach Report). We can’t stress enough the value of a password manager to help you and your business manage their passwords and create strong, unique passwords. But then MFA comes in to provide a second level of defense.

So what is MFA?
Multi-factor authentication (sometimes also called two-factor authentication) is a feature that requires you to have more than just your username and password to log in to an account. After you enter your username and password it also requires a second piece of information—like a one-time code or your finger print.

You have to provide that second piece of information—whether it’s a code, or a temporary password, or the swipe of a finger—before the account can be accessed. If the correct information isn’t provided, the account remains locked.

How can MFA prevent breaches?
In most cases, an employee’s credentials get leaked, which allows a hacker to log in to the organization’s system. Once the hacker enters the stolen username and password, if it required MFA to the system, then it would ask for a second form of authentication. This would trigger an alert to be sent to the actual user’s phone or email asking them to authenticate. Since the hacker would not have access to that second piece of information, the hacker would not be able to log in and then a breach would be prevented.

What should you do now?
First, start by enabling MFA for your password manager account. It’s important to remember that you should turn on MFA for more than just your password manager. Web apps like your email account, Amazon, PayPal, Google, Twitter, Facebook, and others all offer MFA.

Using a password manager and MFA together allows you to combine two secure practices: strong, unique passwords on all of your accounts, and an additional layer of security. Together, these allow you to rest easier as the news of breaches continues to roll in because your online accounts are protected to the best of your ability.