Why multi-factor authentication is an essential part of cyber security

February 17, 2020

Passwords are an essential part of staying cyber secure. But they’re not infallible.

Cyber criminals can use various methods to guess, steal, and compromise your passwords.

But multi-factor authentication can help. You can use multi-factor authentication to make it more difficult for cyber criminals to access your devices and accounts. Nowadays, most companies offer multi‑factor authentication features on their products.

What is multi-factor authentication?

Multi-factor authentication means that you need more than one authentication factor to log in to a device or an account. For example, to unlock your phone, you need to enter a passcode and scan your fingerprint. Many software vendors and other service providers offer this security feature so that you can add a layer of security to your devices and online accounts. With this feature enabled, you need to provide multiple pieces of authenticating information to access a device or an account. If cyber criminals gain access to one piece of information (e.g. your password), they still need to provide additional pieces of information to successfully gain access to your accounts.

Think of it like this: When you’re trying to log in to your online banking account, you use a password to demonstrate that you are the account owner—you’re verifying your identity. The idea is that you should be the only person who knows the password associated with that account.

The problem, of course, is that using a single factor, such as a password, to authenticate you is imperfect. A cyber criminal can steal or guess your password.

That’s when it helps to have, at least, a second authentication factor.

Multi-factor authentication is a way for software vendors and other service providers (e.g. a bank) to say, “OK, you have one piece of information that identifies you as the account owner. But can you provide two pieces of information? Three? Four?”

Multi-factor authentication is an important cyber security measure because it. Multi-factor provides an added layer of security for devices, accounts, and information.

How multi-factor authentication works

The most common form of multi-factor authentication is pairing your log in credentials, meaning your username and password, with another authentication factor. In many cases, this is 2-step verification – something like a text message sent to your phone or an email sent to your inbox. Which is better than a password alone. But what’s best is using a second authentication factor: something you have (e.g. a token, smartcard) or something you own (e.g. a biometric like a fingerprint).

On social media, for example, the chain might go like this:

  1. To gain access to your social media account, you need to enter the password
  2. To make significant changes to that account, you need to scan your fingerprint

This ensures that a cyber criminal can’t make significant changes to the account (such as changing the email address for password recovery).

How multi-factor authentication can help you

The easiest way to think of multi-factor authentication is through a real-life analogy. Imagine you have a safe at home with lots of valuable possessions inside. The safe is protected with a code, which provides one layer of security. But let’s say someone gets a hold of that code. They can use it to open the safe.

Let’s say that in addition to a code, you also needed another element to open the safe ­– a device that scanned your face or a text message that was sent to your phone. The fact that you need those additional steps to open the safe makes it more difficult for anyone else to open it.

It’s the same with multi-factor authentication. Say, for example, that you’ve turned on multi-factor authentication for a social media account. If someone guesses your password, they still can’t log in to your account. To log in, they also need to provide another piece of information to log in.


Multi-factor authentication is a key component of keeping yourself cyber secure. So don’t wait! Use multi-factor authentication on your key accounts now.

Follow Get Cyber Safe on Twitter, Facebook and Instagram.


By submitting a comment, you agree to have Public Safety Canada collect the comment and publish it on this website (comment policy).


There are no comments at this time

Date modified: