File Image : IOL
DURBAN - Today, it’s not enough to protect online accounts with just a simple password. Security breaches occur all the time and even the big names in technology and social media can be compromised - in fact, the more popular they are, the greater the efforts of the hackers and criminals to break through their defences.

To counteract this, household names like Facebook, Microsoft and Google employ advanced security technology to protect their users. That’s not an excuse to be complacent though: ultimately, the responsibility to keep our accounts secure lies with us. We can do more to keep ourselves, our data and our money safe by enabling extra security features where they are available, choosing secure passwords, and never using the same password across multiple services.

Extra security: Without any additional measures a password can be quite vulnerable. If a password is the only thing between data and those who want to access it, all efforts to hack into an account are directed at this one gateway. When additional access requirements are in place, hackers may look elsewhere or be foiled even if they do crack the password. This is the multi-factor authentication, or MFA, which has existed for some time in corporate and financial IT systems and lately has become available in consumer services.

Multi-factor authentication (sometimes called two-factor authentication) needs at least two things to work: something you know and something you have. What you know is usually your user name and password. What you have might be a keypad device, a flash drive, smart card or, commonly, your smart phone. This is how it works: sign in to the service you wish to access as usual using your username and password. Once that’s done, before you can proceed, you will have to enter a code which is been sent to your phone by SMS or generated using an authenticator app. Only once this additional code is entered, will access be granted. Someone who knows both your username and password can’t access your account, just as someone who has your phone but not your username and password is equally foiled.

Convenient: To avoid the hassle of constantly waiting for an SMS on your phone, most MFA systems allow you to “remember” the device you are signing in on, which will let you skip the second step for say, a month before requiring a code again. Even if you enable this more convenient but slightly less secure option, MFA still protects your account when a hacker tries to access it using another device - as they won’t be able to proceed without the code sent to your phone or email.

Google, Facebook and Microsoft all offer MFA as an option - you just need to enable it in your account, which usually involves finding the relevant part in your account “Settings” area, verifying your phone or email by entering the details and then entering a unique code sent by SMS or email. Once this is set up, you are good to go and the next time you try to sign in, you should find your service prompting you for a code before you sign in. For specific instructions for services such as Facebook, Instagram and Twitter, see the guide at