Don’t Go Without: Why Multi-Factor Authentication is No Longer Optional

Multi-factor authentication (MFA) is a security measure that adds an extra layer of protection to your online accounts. Instead of just using a password, MFA requires you to provide a second piece of information, like a code sent to your phone or a fingerprint scan. This makes it much harder for someone to hack into your accounts because they would need both your password and the second piece of information.
For example, when you use your credit card at a gas pump and enter your zip code, that's a simple form of MFA. By using MFA, you can keep your personal information and accounts much safer from cybercriminals. For your personal use of critical services, it is best practice to use MFA. If your service doesn’t offer it automatically, you can use a commercial product.
Ohio State’s multifactor authentication service is called BuckeyePass. The BuckeyePass service is powered by Duo Security, a proven solution in multifactor authentication.
Top 10 Places to Use MFA
- Financial accounts such as checking, savings, stocks, loans, credit cards and retirement accounts are commonly attacked by cybercriminals. Account compromise can be very costly and time-consuming to recover from. It may also result in devastating financial losses and potential identity theft.
- Personal email accounts are often tied to other accounts on this list. Think about it. If you forget your password to a site, and request to reset it, the process usually starts by them sending you an email. If your email account is compromised, not only could the attacker gain access to sensitive information, but they could also use it to find out about your other accounts and compromise them as well.
- Healthcare provider accounts, such as a patient portal for your primary care provider, can contain very sensitive information that you wouldn’t want to share.
- Cloud storage accounts, online backups and file vaults may contain very sensitive information. These are particularly important to secure if you have a sync service setup to automatically upload documents and files. Even if it’s just vacation pictures, securing your online storage is critical.
- Insurance provider accounts for your home, life, health and auto insurance can be a prime target for cybercriminals. If exploited, someone else could file claims, portraying themselves as you.
- Shopping websites and online payment services where you store your payment information are an attractive target for cybercriminals who want to go on a shopping spree at your expense. Adding multifactor authentication to your account helps ensure that it’s only you who are making purchases.
- Smart home logins for things like security cameras, thermostats, lightbulbs and garage doors can present a risk to your home security and privacy. Adding MFA helps prevent cybercriminals from spying on you and possibly accessing your house.
- Chat and communication services like Telegram, WhatsApp, Facebook and Instagram messengers are important to secure, as they can contain records of previous communications that you might not want to share. Also, if people are used to talking to you through that channel, an attacker could portray themselves as you and cause havoc by gathering information that compromises you and your contacts.
- Social media accounts may seem like they are low risk. After all, you sometimes share your pet pictures with the world freely. However, do you want to others to see that chat you had with your best friend from grade school or those pictures of your kids you shared only privately with your family?
- Entertainment accounts such as video games and online streaming are commonly targeted by cybercriminals as they can be re-sold to other customers on the Dark Web. While this may not seem like a high risk, think of how bummed you’d be when settling in for a Saturday night of entertainment only to find you’ve been locked out. Or, how about logging in to find someone has used your account to purchase $1,000 worth of movies or games? Instead of chilling out, you’ll get to spend your time on the phone with customer support.
Popular Third Party Options
The university doesn’t endorse or recommend third party software for personal use, but some popular options are:
- Duo Security – known for its user-friendly interface and robust security, Duo Security is widely used by organizations and individuals to secure access to accounts and systems. As you likely already have it loaded to your personal device, this is a solid option.
- Google Authenticator – A popular and straightforward app that generates time-based one-time passcodes for enhanced account security.
- Microsoft Authenticator – Offering seamless integration with Microsoft accounts and other services, this product provides an extra layer of security through push notifications, codes, or biometrics.
- Apple ID - Built into Apple ID and is referred to as "Two-Factor Authentication" (2FA), this authenticator requires users to verify their identity using a trusted device or phone number in addition to their password when signing in.
For more information on how the university uses MFA to keep institutional data and accounts safe, check out BuckeyePass.