2-Factor/Multi-Factor Authentication (MFA) prevents unauthorized access to you account. In practice, MFA means you need to verify your login attempt on another device: Typically it is done with a mobile phone, that is connected to the user profile. Another example for verification is a separate key code list; this was a common way for online bank authentication, before mobile applications replaced them. If your username and password are compromised (leaked to wrong hands), MFA helps to prevent unauthorized logins into the service, when it requires access to your phone.
- At the University of Oulu and Oamk, MFA is in use for MS Office 365 login.
- Take MFA into use where-ever you can.
This is an excellent video (in YouTube) about MFA and what it means:
If you use social media, take MFA into use also for your social media accounts
Here are instructions to some common social media services:
- Facebook: What is two-factor authentication and how does it work?
- Instagram: What’s two-factor authentication? How do I use it?
- Snapchat: Two-factor authorization
- Twitter: How to use login verification
Try to find out, how to turn MFA on also in other services you are using with an account that requires logging into the service. Share the tips with your family and friends!
MFA is not always required – this is a tug-of-war between ease of use and information security
MFA can feel bothersome if it is used every single time. Some services or internal networks may have e. g. device-specific mitigations, so that MFA is not required every time for the same device, when the service can recognize the device. This is of course also a risk if your laptop ends up in wrong hands, especially if not protected. Please take good care of your devices and note that if you lose the phone you use for MFA, it can mean that you yourself cannot access those services that require MFA.
(See why MS Office 365 login or MFA is not always required.)