Multi-factor authentication is an additional level of security that uses multiple pieces of information to verify your identity. MFA requires at least two (2) identity components to authenticate a user’s identity.

MFA is a recommended best practice for user authentication because it adds additional layers of user identity verification and security to gain access to your online accounts and services.

The process combines your choice of an extra identity component to a traditional username and password, making login more secure and allowing you to use this extra component (a smartphone for example) to track every sign in attempt to your account or system.

MFA identity components include:

1. Something the user knows (e.g: Password, PIN),

2. Something the user possesses (e.g: token, card, one-time PIN),

3. A unique trait of the user (e.g: biometrics – fingerprint, facial recognition)

In our previous topic on strong authentication, we discussed why MFA is highly advisable for online users, here we will be providing information on the different ways a user can set up MFA for their online accounts and services.

To begin with, a common MFA set up process looks like this:

1. Registration: A person links an item, such as a telephone to the system and confirms it is theirs.

2. Login: Upon login, a person enters their username and password as usual into a secure system.

3. Verification: The system connects to the registered item to trigger the extra verification item. A phone may ping with a verification code, or a key fob may light up.

4. Reaction: The person completes the process with the verified item. Entering verification codes or pushing a button on a key fob are common examples.

Setting up MFA depends on the application you are using, below is some information on setting it up for some of the more popular programs and applications we use on the internet.

Google

To set up 2-Step Verification with Google, follow https://www.google.com/landing/2step/ and click on Get Started. Add your smartphone to your account, making sure the Google search app is on the phone, and at login, you can go to the phone and simply acknowledge with a tap that you are the one signing in.

Once you've set up Google 2-Step Verification, access it again by visiting your Google account Security Settings. There you can select the phone numbers that can receive codes, switch to using an authenticator app, and access 10 unused codes that can be printed to take with you for emergencies (such as if your phone dies and you can't get to the authenticator app.)

Microsoft

Sign into your Microsoft account at account.microsoft.com/profile. On the Microsoft account dashboard, click on Security underneath the Change Password option in the top navigation and on the next page, click More security options. Under Two-step verification, choose Set up two-step verification to turn it on.

Enter the Set up an identity verification app section. Microsoft makes its own authentication app (iOS, Android), which it will push you to install. Scan the QR code displayed to set up your Two-step Verification.

Apple ID

iPhone, iPad or iPod touch

Go to Settings > [your name] > Password & Security and select the option to Turn On Two-Factor Authentication. Tap Continue before entering the phone number where you want to receive verification codes when you sign in. You can choose to receive the codes by text message or automated phone call. Tap Next before entering the verification code to verify your phone number and turn on two-factor authentication.

Mac

Choose Apple menu > System Preferences, then click Apple ID > Password & Security. Next to Two-Factor Authentication, click Turn On.

Facebook

On the desktop in the drop-down menu next to notifications, select Settings & Privacy, and from Settings > Security and Login. Under Two-Factor Authentication, click Edit on the right. On the next screen, select how you would like to receive your second form of authentication: a text message, authenticator app, or physical security key.

If you select an authenticator app, Facebook will produce a QR code on the desktop screen. Open your authenticator app on your smartphone, select add, and hold your smartphone up to the computer screen to capture the code. The next time you sign into Facebook and it requests your six-digit code, open the authenticator app to retrieve it.

Twitter

To activate Login Verification on Twitter.com on the desktop, click the More menu on the left and select Settings & Privacy > Account > Security > Two-Factor Authentication. You can then choose to get codes via phone (SMS text), authentication app, or with a physical security key used on PCs. In the mobile Twitter app, the steps are much the same but you start by clicking on your profile pic.

WhatsApp

Go into Settings > Account > Two-step Verification. Tap Enable, and WhatsApp asks you to create a six-digit PIN to register your phone number with WhatsApp. If you later sign out or log in with a different device, WhatsApp will text you a code, and you'll have to re-enter the PIN as well. You can go in to the app to change the PIN or your email any time.