Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

❮   Back to News

October 26, 2022

The Importance of Multifactor Authentication

By Ryan A. Higgins, Chief Information Security Officer, U.S. Department of Commerce


Cybersecurity Awareness Month is a great opportunity for all of us to think through how we approach cybersecurity in both our work and personal lives. Every day, we hear stories about the latest compromise at an organization, or a person who has fallen victim to cyber criminals. As highlighted by the themes of Cybersecurity Awareness Month 2022 and the Executive Order on Improving the Nation’s Cybersecurity released last year, one of the most effective techniques we can employ is to enable Multi-Factor Authentication (MFA). MFA essentially means accessing services using two or more forms of authentication as follows:

  • Something you know – such as a password
  • Something you have – such as your phone or a token
  • Something you are – such as a biometric, like a fingerprint

Most people accessing services online have relied exclusively on passwords to protect their accounts, yet passwords have proven to be a weak link on their own due to the sheer number we are asked to memorize and how effective computer programs are at cracking passwords. This is where MFA helps overcome these inherent weaknesses and better protect us all. Adoption of a second authentication factor increases confidence that the right individual is accessing the right system or service.

Typically, the second factor we use is “something we have,” such as our smart phone with access to email or an authenticator app, a smart card (e.g., a Personal Identity Verification (PIV) card or Common Access Card (CAC)), or a token that generates a unique code based on a complex algorithm. More companies and organizations are offering MFA as an option by emailing you a code or using an authenticator app. In the spirit of Cybersecurity Awareness Month, if you have not done so already, I encourage everyone to set up MFA on all online accounts. It only takes a moment to do so and is one of the most consequential steps each of us can take to protect ourselves online.

Also, be sure to check out the Cybersecurity Awareness Month resources available from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) for more advice on how to protect yourself online. Lastly, please remember to “See Yourself in Cyber” because ultimately, cybersecurity begins with each of us doing our part.

❮   Back to News

An Official website of the Federal Government

Looking for U.S. government information and services?