What is Multi-Factor Authentication?

Multi-Factor Authentication (also known as MFA, Two-Factor Authentication, or 2FA) is a system that requires additional steps beyond username and password to log in to a given account. The most common form of MFA is the SMS text: you log into a site, they text you a code, you enter the code on the next screen, and you resume business as usual.

Why do I need Multi-Factor Authentication?

According to Microsoft, up to 99.9% of cyber attacks can be stopped completely by using MFA.

Even if a hacker were to gain your username and password, they wouldn't be able to complete the login process without physical ownership of your second-factor device, whether that's a phone or a hardware key.

What should I look for in a Multi-Factor Authenticator?

The most important thing is to look for something that you will use consistently and that won't interfere negatively with your life. If you need the ability to log into your account from any computer at any given time, a hardware key may not be your best bet.

There are hardware authentication keys, such as the YubiKey, Librem Key, and even proprietary keys offered directly by the services they support. These are great additional security, but they aren't very durable and may not be a good choice for a laptop or for a person who needs to be able to access things remotely. Likewise, these keys require you to put extra thought into your backups (aka "what if I lose this?").

Generally speaking, you should try to avoid SMS 2FA whenever possible. It is relatively easy for a malicious actor or hacker to hijack your phone number in any number of ways and therefore receive the incoming 2FA text, defeating the purpose of 2FA and rendering the extra step useless. Use SMS if nothing else is available, but try to use something else if you have the option.

Product/Service, with pros and cons:

andOTP
  Cons:
  • Android only

FreeOTP
  Pros:
  • Open-Source
  • Android and iOS
  • OTP codes are hidden until the user clicks on them, adding a small layer of additional security
  Cons:
  • The program is sponsored and maintained by Red Hat, which was purchased by IBM. Some users may be put off by corporate involvement.

Tofu
  Pros:
  • Open-Source
  • Search function available to quickly and easily find desired OTP code
  Cons:
  • iOS only