Guides
Uncategorized

The Genius of MFA Codes

Multi-factor authentication or two-factor authentication (MFA or 2FA, respectively), is one of the best ways you can protect your accounts from bad actors and malicious users. Even if hackers get a hold of your username and passwords (sometimes routinely leaked in data breaches online) they won’t be able to get into your account without access to MFA’s secret weapon: the
July 28, 2022
 / 
meritsolutions
 / 
Leave a Comment
 / 
Image

Multi-factor authentication or two-factor authentication (MFA or 2FA, respectively), is one of the best ways you can protect your accounts from bad actors and malicious users. Even if hackers get a hold of your username and passwords (sometimes routinely leaked in data breaches online) they won’t be able to get into your account without access to MFA’s secret weapon: the code.

See, MFA works like this: After you enter your username and password correctly, your account then asks you to enter the code presented on your trusted device. This code can take a few forms: The most popular is the SMS code, in which the account sends the code to your cellphone via text message. Another option is an authentication app, which generates random codes every 30–60 seconds. Apple has a built-in MFA system wherein it sends a code directly to your trusted device: Unless you have physical access to that device, you won’t be able to retrieve the code.

Apple can do this because of its tight-knit ecosystem. However, you’ll likely be presented with the option to go with SMS or authentication app. While any MFA is better than none, the safer route is to go for the authentication app to generate your codes. Here’s why.

When you receive your codes via SMS, you run the risk of SIM swapping: Hackers can trick your carrier into giving your number over to their SIM. Once that happens, all incoming text messages will head their way, giving them access to the MFA codes if they have your login credentials.

If you set up MFA with an authenticator app, however, this risk is eliminated: Hackers would need physical access to your unlocked phone in order to open the authenticator app and retrieve the code. Plus, unlike SMS, authenticator apps regenerate the code frequently: If the code was somehow compromised, it would be useless after less than a minute.

That said, again, any MFA is better than no MFA. If you have SMS set up, that’s fine: SIM swapping isn’t a common occurrence, and the risk of it is outweighed by the benefits of having MFA set up for your accounts. Just remember: Never give out your MFA code to anyone: If your “bank” calls you and tells you to let them know what the MFA code is for your account when attempting to log in, hang up.

Share This

Leave a Reply

More Articles

Featured image for “You Should Check Which Apps on Your Smartphone Are Using Your Location”
Apr. 23, 2024

You Should Check Which Apps on Your Smartphone Are Using Your Location

Featured image for “Protect Your Privacy By Forwarding Your Emails Through a Decoy Account”
Apr. 23, 2024

Protect Your Privacy By Forwarding Your Emails Through a Decoy Account

Featured image for “Don’t Send Important Business Information Over SMS”
Apr. 16, 2024

Don’t Send Important Business Information Over SMS

Featured image for “How Following Cybersecurity Best Practices Keeps Your Accounts Safe”
Apr. 16, 2024

How Following Cybersecurity Best Practices Keeps Your Accounts Safe

Featured image for “Do You Know What’s in That Browser Extension?”
Apr. 09, 2024

Do You Know What’s in That Browser Extension?

View All

Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.