Show download pdf controls
  • Essential 8 strategy 7 – multi-factor authentication

    Once upon a time, passwords were the best way to keep your information and systems safe. They were considered the best defence against cyber-attacks.

    Times have changed and technology has advanced, giving cybercriminals more ways to covertly access your personal data. Adding an extra layer of security to your online accounts is a safeguard worth setting up because, it's not just your information that's at stake, it's your clients' too.

    Strategy 7 – multi-factor authentication

    Multi-factor authentication (MFA) combines 2 or more ways to prove your identity to allow access to an account. This makes it much harder for cybercriminals to steal or complete the credentials.

    Types of multi-factor authenticators include:

    • something you know (for example, a personal identification number (PIN), password or response to a challenge like naming the first street you lived in)
    • something you have (for example, a physical token, smartcard or an SMS sent to your phone containing a code)
    • something you are (for example, a fingerprint, facial recognition or iris scan).

    Cybercriminals might get their hands on your password but they still need your biometrics or a code to fully unlock your account. While MFA is not available for every online account, it's becoming a more widely-applied way to verify your identity. Banks, social media platforms and software providers are adopting this measure.

    Enabling MFA on your email accounts and computer software, especially if working remotely, is crucial. Adopting this practice in a work capacity strengthens the protection of your systems and sensitive information.

    Implementing this strategy alongside the other ACSC Essential 8 strategies gives your systems a greater line of defence in the event of a cyber incident.

    More information

    Last modified: 30 Mar 2023QC 71971