The Problem with Passwords
Passwords have been the primary method of authentication for decades, but experience shows they are fundamentally flawed as a secure means of identity verification. Here’s why:
Passwords are easy to guess
Too many people still use simple, easy-to-guess passwords like “123456” or “password.” Cybercriminals can easily crack these in seconds using brute force attacks. Even longer passwords are vulnerable if they are based on personal information that can be found online, like birthdays or pet names.
People reuse passwords across accounts
Most people only use a handful of passwords across all their online accounts. So if one password gets compromised through a data breach, it jeopardizes the security of multiple accounts. According to a recent survey, 65% of people admit to reusing passwords.
Phishing and social engineering
Clever social engineering tricks can fool people into divulging their passwords. Phishing emails impersonate legitimate services to trick victims into entering credentials on fake login pages. Other scams, such as phone-porting, hijack cell phone numbers to intercept 2FA codes.
It’s hard to remember strong passwords
The strongest passwords are long, fully random strings of upper and lowercase letters, numbers, and symbols. But these are impossible to remember. So even security-aware users often resort to weaker passwords for convenience.
Multi-Factor Authentication Solves These Problems
Multi-factor authentication (MFA) provides an extra layer of protection beyond just a password. It typically combines:
- Something you know – like a password or PIN
- Something you have – such as your phone or hardware security key
So even if your password is compromised, a cybercriminal cannot access your account without also stealing your physical second factor.
MFA protects against:
- Brute force attacks – The password alone is not enough
- Phishing – Criminals don’t have your second factor
- Password reuse – Each account has a different second factor
- Forgotten passwords – Second factor can often allow password resets
Research shows that enabling MFA blocks over 99% of automated cyberattacks.
Types of Multi-Factor Authentication
There are several options for the second factor in MFA:
SMS Codes
The service texts a one-time passcode to your registered phone number.
Pros: Convenient, ubiquitous
Cons: Susceptible to phone-porting attacks
Authenticator Apps
Generate timed codes using an app like Google Authenticator or Authy.
Pros: No recurring costs, works offline
Cons: Must have your phone available
Security Keys
Uses a physical hardware token like YubiKey or Google Titan Key.
Pros: Very secure against phishing/malware
Cons: Cost, can be lost or damaged
Biometrics
Uses fingerprint, face, or iris recognition.
Pros: Convenient, nothing to carry
Cons: Spoofing possible, not available on all devices
How to Enable MFA
Enabling MFA is a simple process for most major online services:
- Log into your account and go to the security settings
- Look for the “Multi-factor authentication” or “Two-factor authentication” option
- Follow the prompts to set up your preferred second factor method
- Verify it is working properly by logging out and logging back in
You will likely need to enter a code from your second factor once on each new device you use to log in. But afterwards it is quite seamless.
For high-value accounts like email, banking, and cryptocurrency, I strongly recommend making the effort to enable MFA. The minor occasional inconvenience is worth the massive boost to account security.
Time to Ditch Passwords Alone
Passwords simply cannot protect against modern cyber threats. Multi-factor authentication closes these security gaps by requiring multiple methods to verify your identity.
MFA is now quick and easy to set up on most major platforms. There is no good reason not to enable it, especially for your most sensitive accounts. Ditch the password-only risks of the past, and adopt multi-factor for much stronger protection.