Multi-factor authentication (MFA) 

MFA is also known as 2-step verification (2SV) or two-factor authentication (2FA). It provides a way to confirm that you really are the person you claim to be when you log in to a service. The service will ask you to provide a second step which only you can access. This could be a code that is sent to you via text message, a code from an authenticator app, a code generated by a device (Physical Secure Key (PSK)/PINsentry), or a token device that you physically have and plug in.

To stay safe, it is ideal to use two of the three factors below.

  1. Something you know. Like a password or PIN. It was not unusual until fairly recently for this to be the exclusive method of logging in. However, it is quite obviously flawed, as hackers can guess the password, find it on the post-it note in your top drawer… or use a simple program to try to guess it.
  2. Something you are. Biometrics, such as fingerprint or face recognition. This is part of our daily life these days and, luckily, you carry it around with you at all times.
  3. Something you have. A bank card with a bank card reader, now rapidly being replaced with an app on your phone. Authentication apps (for example Microsoft Authenticator) on your smartphone are used extensively and are very secure. Text message (SMS) is not the safest option but is a widely applied method.

Some online services, like banks, will force you to use MFA, but on others it may be turned off by default. It is recommended to turn it on yourself whenever it is available, to give extra protection. Whilst it may take slightly longer to access things that have MFA, you are considerably safer. That small delay is easily outweighed by the costs, both financial and in time, of being subject to a successful cyber-attack.

The UK’s National Cyber Security Centre (NCSC) Cyber Aware website contains up-to-date links to instructions on how to set up MFA on popular online services such as Gmail, Facebook, Twitter, LinkedIn and Outlook.