From: thepipeline_xyz
Multi-factor authentication (MFA) is a security measure where an account, typically protected by a password, requires a second verification method to confirm a user's identity [00:00:00].
Types of MFA
Common methods of MFA include:
- Biometric authentication: Face ID is a common example of this type of MFA [00:00:15].
- Hardware keys: These are physical devices used to verify identity [00:00:20].
- Authenticator apps: These applications provide a code after a user signs in with their password [00:00:25].
- Text message codes: A common method where a code is sent via text to verify identity [00:00:39].
Best Practices for Authenticator Apps
For enhanced security, the code provided by an authenticator app should ideally not reside on the same phone that is being used for the login [00:00:32]. The authenticator software should ideally be on a secondary device [00:00:35].
Risks of Using Text Message Codes
While convenient, using text message codes for authentication is a very dangerous method [00:00:56]. The vectors for compromise increase exponentially if someone gains consistent access to your code, whether through a SIM swap or direct access to your phone [00:00:59]. Failing to take the extra step of avoiding text message codes can lead to significant personal and financial loss [00:01:08].