Turn on multi-factor authentication before it’s too late
Bowling Green, Ky. (October 23, 2025) - In cybersecurity, small actions can have a significant impact. As a strategic broadband advisor for Connected Nation, I often stress the importance of fundamentals like strong passwords, software updates, and caution about phishing. Another fundamental step every person should take is enabling multi-factor authentication (MFA). Securing your personal and business accounts with MFA can significantly boost your defenses against hackers.
You might see it called two-factor authentication, multi-factor authentication, two-step authentication, MFA, or 2FA. All these terms mean the same thing. Each one involves opting in to an extra step to verify your identity with trusted websites and apps.
Simply put, MFA means you must confirm your identity in more than one way before gaining access to an account. It combines something you know (like your password) with either something you have (such as your phone or a security key), or something you are (like your fingerprint). Even if a hacker steals your password, they still can’t access your account without that second factor.
So, why is MFA so important? Because passwords alone are no longer enough. Even if you follow all the steps in our last Cybersecurity Awareness Month post, you can still be at risk. Phishing emails, password leaks, and credential theft happen every day. Hackers can easily buy stolen passwords on the dark web or use automated tools to guess weak ones. More than 95% of identity-based attacks could have been avoided with MFA. That statistic alone should make every business owner and individual take notice.
Let’s discuss the various MFA methods available and determine which ones are most effective. Not all MFA methods are equal.
Physical security key: The most secure option is a physical security key, such as a YubiKey, which plugs into your computer or connects wirelessly to your phone. This compact device makes phishing nearly impossible because it verifies that you’re logging into the genuine website — not a fake created by scammers.
Authenticator app with number matching: Next is an authenticator app with number matching. This method sends a code or prompt to your phone, where you confirm the login attempt by entering a matching number. It’s straightforward, fast, and very secure.
Authenticator app with one-time code: Another reliable option is an authenticator app that generates a one-time code every 30 seconds. Apps like Microsoft Authenticator or Google Authenticator generate these codes, making them harder for hackers to intercept.
Biometric methods: Biometric options, such as fingerprint or face scans, are also helpful, especially when combined with other MFA methods.
Text or email: Lastly, you can receive a code via text message or email. This method is the most common but also the least secure. Text messages can be intercepted through SIM swapping or phishing, and email accounts can be hacked. If this is your only choice, use it — it is better than nothing. Whenever possible, switch to a more secure method.
Some people still hesitate to enable MFA because they claim it’s too inconvenient or too time-consuming. The truth is, the few extra seconds it could take to verify your login could save you hours and days of frustration and financial damage if your account is compromised.
Remember, cybercriminals aren’t just targeting big corporations. They’re targeting you. Whether it’s your email, bank account, or social media, MFA can prevent unauthorized access.
If you haven’t enabled multi-factor authentication on every possible account yet, do so today. Log in to your most important accounts, your email, financial, and social media, and look for “Security Settings” or “Login Verification.” It’s one of the easiest cybersecurity steps you can take, and it works.
Be safe. Be smart. And turn on MFA.
Previous Cybersecurity Awareness Month articles:
- How to spot and stop phishing scams this Cybersecurity Awareness Month
- Passwords: Your first line of defense
- The importance of integrating cybersecurity awareness in the age of BEAD and digital equity
About the Author: Michael Ramage is the Connected Nation Strategic Broadband Advisor. Michael provides consultative services in support of CN’s federal BEAD and DEA grant related activities and deliverables. These include but are not limited to state and community action plan development, policy interpretation and/or creation, grants administration, community engagement as well as digital equity and inclusion (DEI) programming.