What you need to know about multi-factor authentication
Full Transparency
Our editorial transparency tool uses blockchain technology to permanently log all changes made to official releases after publication. However, this post is not an official release and therefore not tracked. Visit our learn more for more information.
Passwords are part of our digital lives. It’s important to create strong passwords and change them regularly.
But passwords provide just one layer of protection, and with so much of our lives online—from social media accounts to financial and medical records—one layer of protection often isn’t enough. Additional layers can help protect us from bad actors who try to guess our passwords, try to access them through phishing attacks or find them alongside other hacked information on the dark web.
Multi-factor authentication (MFA) can help provide those additional layers of protection.
Simply put, MFA requires you to provide more than just a password to access your accounts, applications and networks. (Usually, it’s your password plus at least one other factor.) That means even if your password is compromised, a bad actor will have a much harder time accessing your sensitive information.
With MFA, your password is still your first factor; it’s something you know. The additional factors are usually not something you need to remember—they typically relate to something you have and something you are. For example, those additional factors could include:
A push notification or temporary code sent to your phone number as a text message, to another device you have or to your email. These notifications or codes typically expire in a few seconds or minutes, after which you’ll need to send a prompt for another code.
A time-based, one-time code generated by an authenticator app (also on a device you have). When set up to work with your accounts, you input the code generated by the app to log in to the account.
Something unique to you, meaning a biometric like your fingerprint, face or retina. Anything that’s physically unique about you can be used as a layer of authentication.
Here’s how MFA works.
Let’s say you’re logging into a bank account or a social media account. First you enter your password, as usual. Then you’re prompted for a second piece of information. In many cases, it might be a push notification or code sent to you via text message—you enter this second piece of information to confirm your identity. (If your account uses the two-factor version of multi-factor authentication, that additional code is your last step.)
Today’s push-, text- or email-based codes are a step toward even more secure methods of MFA, such as hard tokens—self-contained devices that generate one-time-use codes at fixed intervals. You enter this one-time-use code as one of the factors to confirm your identity.
Alternately, you might need to provide a biometric to confirm it’s really you. For example, if you have an iPhone, you may be familiar with Face ID, which lets you unlock your iPhone or iPad, authenticate purchases and sign into apps with a glance at its screen. This same functionality can be used as an additional layer of authentication. Your identity can also be confirmed by other unique physical attributes, such as your voice or retina, although this isn’t yet very common.
Yes, using MFA requires an extra step. But the benefit is enormous, because it can enhance digital security and prevent potential account compromises. So while your first step is to make sure you have a strong password, if you have the option to set up MFA, you should do so. Taking those extra steps whenever you log in can keep your personal information safer and give you greater peace of mind.
You can add MFA protection to your Verizon account by setting it up in My Verizon. Here's how.
