21 May 2025
Protect Yourself: Multi-factor Authentication
Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity — and you may already be using MFA. For example, you might receive an authentication code by SMS text message after entering your password to log in to an online account.
MFA is one of the best ways to protect against someone breaking into your account. It makes it harder for cybercriminals to take over your account by adding extra layers of protection.
MFA requires you to use a combination of two or more of the following factors to access your accounts:
Something you know (e.g. a PIN, password or passphrase)
Something you have (e.g. a smartcard, physical token, authenticator app or SMS)
Something you are (e.g. a fingerprint, facial recognition or iris scan)
MFA defends against the majority of password-related cyberattacks. For example, it protects against credential stuffing, where cybercriminals reuse previously stolen passwords from one site to access others.
Think of MFA like adding an alarm to your house. Even if someone guesses your password, they’d still need to get past another layer of defence — like entering a one-time code. A few extra seconds of effort could save you hours of lost access and compromised data.
MFA is also sometimes referred to as two-factor authentication (2FA) or two-step verification.
Options for MFA
SMS Code
A one-time password (OTP) sent via SMS. For example, after logging in to an account, you'll receive a code to verify your identity. This is commonly used in online banking or when adding new payees.
Authenticator App
Apps like Google Authenticator, LastPass Authenticator, Microsoft Authenticator or Authy generate time-based OTPs every 30 seconds. More secure than SMS, they work by linking your account to the app using a QR code or key.
Biometrics
Uses your unique characteristics — like facial recognition or fingerprints — to verify identity. It’s convenient and can't be forgotten or misplaced.
Security Key
A small hardware device (USB or wireless) that must be physically present to log in. One of the most secure MFA methods.
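How an authenticator app turns the key from the QR code into a 30-second code, and how a service checks it, shown as an added example (not part of the original article, and not the code of any app named above). It assumes the public TOTP standard (RFC 6238) with HMAC-SHA1 and 6-digit codes; SAMPLE_KEY and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds each code is valid for, as described above
DIGITS = 6     # assumed code length

# Constructed sample key: the RFC 6238 test secret, Base32-encoded the way
# a key appears in a setup QR code. Never use it for a real account.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(key_b32, now, step=STEP, digits=DIGITS):
    """Return the code for the 30-second window that contains `now`."""
    key = base64.b32decode(key_b32.upper().replace(" ", ""))
    counter = struct.pack(">Q", int(now) // step)   # window number, 8 bytes
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key_b32, submitted, now, drift_steps=1):
    """Service-side check: accept the current window and a little clock drift."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(key_b32, now + delta * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_KEY, now)
    print("code now:", code, "accepted:", verify(SAMPLE_KEY, code, now))
    print("accepted two minutes later:", verify(SAMPLE_KEY, code, now + 120))
```

The code is computed on the phone from the shared key and the clock, so nothing is sent over the phone network at login, and a code that is overheard stops working once its window passes.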
Turn On MFA
You should enable MFA on your most important accounts first, such as:
Email accounts, especially those that can reset other accounts
Financial services, like online banking
Payment platforms, such as eBay, Amazon, PayPal
Social media, including Facebook and Instagram
Government portals, like myGov
Most services will offer MFA setup under their security or account settings.
If unsure, search: "How to turn on MFA for [service name]" or look in your account’s settings. If a service doesn’t offer MFA, use a strong, unique password.
Security Tips
Even with MFA enabled, it’s important to stay alert. Here’s how to keep your accounts even safer:
Avoid clicking sign-in links in texts or emails.
Scammers impersonate banks and government agencies. Always go directly to the official website.
Never share MFA codes or approve unknown login requests.
MFA is your gatekeeper — if you share it, you could be handing your account over to someone else.
Layer your security.
Use different types of authentication for stronger protection (e.g. a password + biometrics).
Keep recovery options secure and updated.
If you lose access to your device, you’ll need backup email or authentication options.
Transfer MFA before replacing your device.
Before disposing of an old phone, move your authenticator apps and update phone numbers on your accounts.
Source: Australian Cyber Security Centre
B&W Additions Pty Ltd
11/50 Market St Melbourne, VIC 3000
ABN 29 164 828 880
+61 3 9629 1433
Capstone Financial Planning
L1, 607 Bourke St Melbourne, VIC 3000
ABN 24 093 733 969
AFSL 223135
1300 306 900
© Copyright 2025 B&W Additions Pty Ltd. All rights reserved.