Cybersecurity Awareness Month is a great opportunity for all of us to think through how we approach cybersecurity in both our work and personal lives. Every day, we hear stories about the latest compromise at an organization, or a person who has fallen victim to cyber criminals. As highlighted by the themes of Cybersecurity Awareness Month 2022 and the Executive Order on Improving the Nation’s Cybersecurity released last year, one of the most effective techniques we can employ is to enable Multi-Factor Authentication (MFA). MFA essentially means accessing services using two or more forms of authentication as follows:
- Something you know – such as a password
- Something you have – such as your phone or a token
- Something you are – such as a biometric, like a fingerprint
Most people accessing services online have relied exclusively on passwords to protect their accounts, yet passwords have proven to be a weak link on their own due to the sheer number we are asked to memorize and how effective computer programs are at cracking passwords. This is where MFA helps overcome these inherent weaknesses and better protect us all. Adoption of a second authentication factor increases confidence that the right individual is accessing the right system or service.
Typically, the second factor we use is “something we have,” such as our smart phone with access to email or an authenticator app, a smart card (e.g., a Personal Identity Verification (PIV) card or Common Access Card (CAC)), or a token that generates a unique code based on a complex algorithm. More companies and organizations are offering MFA as an option by emailing you a code or using an authenticator app. In the spirit of Cybersecurity Awareness Month, if you have not done so already, I encourage everyone to set up MFA on all online accounts. It only takes a moment to do so and is one of the most consequential steps each of us can take to protect ourselves online.
Also, be sure to check out the Cybersecurity Awareness Month resources available from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) for more advice on how to protect yourself online. Lastly, please remember to “See Yourself in Cyber” because ultimately, cybersecurity begins with each of us doing our part.