Multi-Factor Authentication set up guide
Multi-Factor Authentication (MFA) is rapidly becoming a standard security feature when you need to access your data. This guide outlines the popular options you have available to set yourself up and feel safe knowing that your data is protected.
1. Check that MFA is available
Next time you log in to the site you need to securely access, check the security settings and switch it on if it's available. From there you can set up MFA with your mobile device handy. You may be able to add more than one MFA option which is great - if your phone isn't available then it's a handy back up if you can authenticate via email instead.
2. What is the Authentication Factor?
There are a few common ways that MFA helps you gain access. After you submit your username and password on a site, you'll be prompted to enter a code which once submitted, will grant you access. Depending on what the owner of the website offers, this code is a random one-off time-sensitive code that can reach you in a variety of ways:
- Via an Authenticator App on your phone - of all three this is the most secure option which we recommend you activate every time it's available
- A call or SMS sent to your mobile phone
- An email sent to the email address you nominate
3. Setting up & using Authenticator Apps
There's a growing number of Authenticator Apps available. Some organizations offer their own authentication app (Macquarie & Suncorp bank for example), but there are many available that authenticate your access for an extended range of secure sites. Microsoft Authenticator, Google Authenticator & Authy are the most well known. Choose from the options below to access the set up and user instructions.
4. SMS/call authentication
Add your mobile phone number to your security settings when you next log in. As long as MFA is switched on, every time you attempt to log in, you'll automatically be sent (or prompted to be sent) an SMS with a code. Enter this code on the site and you'll be granted access.
5. Email authentication
Similar to SMS authentication, as long as MFA is switched on, every time you attempt to log in, you'll automatically be sent (or prompted to be sent) an email with a code. Enter this code on the site and you can successfully log in.
This type of authentication is not as secure as SMS - if your email address has been hacked, then the code could be visible to the hacker. We recommend you provide an alternative email address in your security settings which the code can be sent to.