Research shows multi-factor authentication works

Security experts have long advised using multi-factor authentication (MFA) to help secure your most important accounts. Now Google has research showing the technology blocks the vast majority of attacks.

MFA takes the traditional user login and password and adds additional authentication factors from two or more of the following:

  • Something you know, such as a password
  • Something you have, such as a smart phone
  • Something you are, such as facial recognition or a thumbprint.

One of the most common forms of MFA is having a code texted to your smart phone as a final step before accessing an account.

Google's research found that taking this extra step helped block 100 percent of automated bots, 96 percent of bulk phishing attacks and 76 percent of targeted attacks. Bots are software applications that run automated tasks over the internet.

An authenticator app, a more secure replacement for text messages, helped prevent 100 percent of automated bots, 99 percent of bulk phishing attacks and 90 percent of targeted attacks. An authenticator app installed on a smart phone automatically generates account access codes without using text messages.

Google teamed up with researchers from New York University and the University of California, San Diego for its yearlong study.

For more information on MFA and how to stay safe online, please see the Cybersecurity for Home and Family presentation on the Office of CyberSecurity YouTube channel.