Yahoo Finance What is multifactor authentication (or MFA)? Experts say it's the best way to stop hackers
It's a constant fear each time we're online to check our accounts or buy something.
Will our personal financial information be compromised because of either a systems bug or malicious hackers?
Though nothing is 100% foolproof, two experts told USA TODAY there are ways consumers can protect themselves from being so vulnerable to financial and even intellectual damage.
What is multifactor authentication (or MFA)?
First, there's multifactor authentication (MFA, also known as two-factor or 2FA), that extra layer of security used to confirm your identity that can come in many forms besides a password, said serial entrepreneur Greg Hoglund, considered by many to be one of the world’s top ethical hackers.
MFA could include one-time passcodes, or OTP, push notifications, and even a software token security key that a person can plug into their computer or laptop.
"And please don't reuse the same password for different sites or devices," Hoglund said.
Longtime cybersecurity expert Eric Cole, a former CIA professional hacker, agrees that those extra security layers can increase your protection. He adds that even if an attacker discovers your password, the attacker is unlikely to access the account because they don’t have access to the second or third factor, which is typically a text message code.
"Which is more of an inconvenience?" Cole asked. "Typing 'Y' to a two-factor message or entering a five- or six-digit code? (Or) potentially having all of your money stolen by hackers?"
Consumers are skeptical
The experts' advice comes as the U.S. Justice Department said earlier this year that it's doubling down on efforts to combat a stark rise in ransomware attacks globally and as many of us still worry that our financial information isn't safe online.
A recent global survey by digital security company Imperva found that 41% of consumers worldwide say their trust in digital providers’ mission to keep their personal data secure has decreased in the past five years.
The Imperva survey also said that 35% of consumers do not trust organizations to adequately protect their sensitive information.
Cole also advises signing up for fraud notification alerts from your bank or financial institution, never using public Wi-Fi to access any of your financial accounts or records online and watching out for phishing scams.
For example, a consumer might get an email that looks like it is from their bank telling them they must log in to their account and update their information. Cole said consumers should contact their bank and ask if it sent them a message.
"Hackers will always try to play on your emotions and scare you," Cole said. "Don't fall for it. Take a deep breath and reach out to your institution."
Credit or debit?
To make transactions more secure, Cole recommends that consumers use their credit cards instead of their debit cards.
"Why? Because someone steals your debit card info and the money comes out of your account almost immediately, and you have to fight with the banks to get your money back," Cole said. "It's a constant battle."
And, with a reported 400% increase in bitcoin lightning payments and a continuous rise in crypto wallet use, those consumers making purchases with cryptocurrency "definitely need" two-factor authentication for protection, Cole said.
Why use authenticator apps?
Hoglund also suggested consumers use authenticator apps including Google Authenticator, Microsoft Authenticator, Microsoft Authenticator, Authy and 2Stable.
Although he understands most sites use the simpler and most common SMS (Short Message Service) code option, Hoglund encourages consumers to choose an authenticator app instead.
He's big on those apps because the security codes don't go through the network of your smartphone, which reduces the risk of having your information compromised.
An authenticator app operates similarly to a two-way factor, but instead of getting a text, the code appears directly in the app. A person usually has either 30 seconds or one minute to respond before the code changes, making it very tough for hackers to gain access.
And if you must use passwords, Hoglund suggests using password managers such as the popular Last Pass, which helps you keep track and not repeat them. The popular tool has more than 20 million users and has a password manager and an authenticator app.
Cole said it's a no-brainer to protect your passwords, though he said, "Common sense isn't always common practice."
Alternative password managers include Bitwarden, Dashlane, IPassword, NordPass and Sticky Password. Tech giant Apple also has its own iKeychain, aGoogle has Password Manager.
"Some sort of protection is better than not having (any) at all," Hoglund said.
Cybersecurity Do's and Don't
Do
Consider multifactor authentication, those one-time passcodes or push notifications that can increase your protection online
Sign up for fraud alerts from your bank or financial institution
Use authenticator apps
Don't
Use public Wi-Fi to check your financial accounts and records
Use your debit card when shopping online. A credit card would be safer.
This article originally appeared on USA TODAY: What is multifactor authentication (or MFA)? Best way to stop hackers
