Multi-Factor Authentications: A Waste of Your Time?

Cybersecurity is a multi-faceted initiative. Protecting your business – and your family – from cybercrime requires a wide range of oversight and activities. One process being broadly employed is known as “multi-factor authentication” (MFA). Technically defined as a “security system,” MFA requires a user to provide more than a single input or authentication before granting access to an asset, a location or an online account.

Such required authentications are typically categorized in three ways:

  1. Something you know (such as a password)
  2. Something you have (like a key fob)
  3. Something that uniquely identifies only you (such as a fingerprint)

The often-used term “two-factor authentication” is a subset of multi-factor authentication, which, as the name implies, allows access after two separate inputs.

MFA is not new; it has been in use for decades. One of the oldest applications is the bank ATM. To withdraw money from the ATM, you need minimally a two-factor authentication: your ATM card, which is the “something you have,” and your PIN (personal identification number); the “something you know.”

With the exponential growth of the internet and online accounts, MFA enhances protection beyond a password, that is, a single-factor authentication. Because people often use the same password for multiple online accounts, hackers have a much easier time gaining access to single-factor authentication online accounts than MFA accounts. MFA provides a much-needed additional layer of protection to compensate for the bad habit of repeatedly using the same password. (See our article, “Don’t Pass on Password Managers”, to learn about another layer of protection.)

The next time you are frustrated with the extra time it takes to enter multiple authentication factors, take heart. Your business or organization has deployed an additional layer of protection for you. It might be a little inconvenient, but it is hardly a waste of time.

MFA is one aspect of a multi-layered cybercrime defense strategy. We can help you develop your own strategy to protect your business and family. Contact Bill Heaven at 330-758-8613; or email As always, we’re happy to answer your questions and discuss your concerns.

About the Author(s)
William Heaven is a Senior Manager in HBK’s Information Technology (IT) Department and works out of the firm’s corporate office in Youngstown, Ohio. He specializes in cyber security, IT security, external IT audit, internal IT audit, IT consulting, software Development, IT governance, PCI-DSS, supply chain, system implementations and e-Commerce and has worked for a wide range of industries, including the Public Accounting field. Bill is a certified public accountant, a certified information system auditor, and a certified supply chain professional. He earned a Bachelor of Business Administration degree in Computer Science from Kent State University. Bill is a member of the American Institute of Certified Public Accountants (AICPA), the Ohio Society of Certified Public Accountants (OSCPA), the Information System Audit and Control Association (ISACA) and the Canfield Chapter of Rotary Inter
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.