## What's the Deal with Multi-Factor Authentication (MFA)? Think of it like this: even if a hacker figures out your password, MFA is there to stop them from gaining access. It requires not just one, but **two** different forms of identification. That's usually a combo of something you **know** (like a password) and something you **have** (like your phone). Today, you'll find options to enable MFA on platforms like online banking, email, and social media. It not only keeps the bad guys out, it also also provides you with peace of mind. > [!danger]- Real-World MFA Disaster > In September 2014, **5 million** Gmail account details surfaced on a Russian Bitcoin forum. Those reusing passwords faced greater risks. However, for users with MFA, the exposed passwords alone wouldn't grant intruders access. Attackers would also need the secondary verification, such as a code sent to the user's phone. ### Most Common MFA Options 1. Things you know, `passwords, email addresses, security questions` 2. Things you have, `mobile devices, special USBs, card readers` 3. Things you are: `fingerprints, eye scans, voice`. > [!info] > When using an ATM, you need both your debit card and the PIN. That's MFA in action! ## Why Bother with MFA? Even with a secure password, you're not invincible. Hackers use tools and tricks, like **brute force** or **dictionary attacks**, where they try tons of login combos. More commonly, you'll fall prey to a deceitful **phishing scheme**. But if you have MFA set up, even if they have your password, they're missing that second key to truly gain access. To learn more, check out why [[Your Passwords are Insecure]] and [[How Passwords are Cracked]]. Bottom line? **Double up on your defenses**. Because two locks are better than one. --- *Click here to learn more [[About Me]] and nickhacks.com*