KG
← Back to articles
Online safety3 min read

Why MFA is a great way to secure your accounts

How multifactor authentication protects your accounts even when a password is stolen, and which verification methods offer the strongest security.

On this page
  1. How MFA works
  2. Why MFA matters
  3. Choose stronger verification methods
  4. Accounts to protect first

Passwords are often the first line of defence for an online account, but they are not always enough. Passwords can be guessed, stolen through phishing, exposed in a data breach, or reused across multiple websites. Multifactor authentication, commonly known as MFA, adds an extra layer of protection.

How MFA works

MFA requires you to provide more than one form of verification when signing in. These forms of verification usually fall into three groups:

  • Something you know, such as a password or PIN
  • Something you have, such as a mobile phone, authentication app, or security key
  • Something you are, such as a fingerprint or facial recognition

Most services combine a password with an approval notification, temporary code, authentication app, or physical security key.

Why MFA matters

The main benefit of MFA is that a stolen password is usually not enough for an attacker to access your account. Even when someone knows your password, they may still need another form of verification that only you can provide.

This extra step makes common attacks much less likely to succeed. It is especially valuable when a password has been exposed without your knowledge.

Choose stronger verification methods

Authentication apps and security keys generally provide stronger protection than codes sent by text message. They can also reduce the risk of attacks involving stolen phone numbers or intercepted messages.

When a service offers several MFA methods, consider using them in this order:

  1. A physical security key
  2. An authentication app
  3. An approval notification in a trusted app
  4. A code sent by text message

Any MFA is generally better than relying on a password alone, but the strongest available method should be used for important accounts.

Accounts to protect first

MFA is especially important for accounts that contain sensitive information or can be used to access other services. Prioritise:

  • Email
  • Banking and payment services
  • Social media
  • Cloud storage
  • Workplace accounts
  • Password managers

Email accounts should come first because they are often used to reset passwords for other services.

Turning on MFA usually takes only a few minutes, but it can make an account significantly harder to compromise. It is one of the simplest and most effective steps you can take to improve your online security.