playground obstacle course for fun in MFA

Putting the Fun in MFA (Video)

MFA stands for Multi Factor Authentication, and most people’s eyes glaze over whenever they hear it. They don’t think “fun.” But we’re going to change all that.

First, let’s be clear on what we’re talking about.

What is MFA?

You probably know what it is if you have a Google account or an online bank or credit card account. MFA is additional verification beyond using a password to log in. It can be an app or code or biometric check that you do to prove you are who you say you are. You may have also heard the term 2FA, which stands for 2 Factor Authentication.

Here’s an example of how it works. When I log into my credit card account, I type in my username and password. After I hit Enter, I will immediately be texted a code on my cell phone that I need to enter before I can access my account. The code, which expires after a few minutes, is an extra factor that proves it’s me.

Used in another way, if I log into Google when I’m out of town, I’ll automatically get an email or notification saying there is unusual activity. I then need to enter the code they have sent to my backup email address to prove I am the one logging in.

It’s an extra step to protect my account that, even though it can be annoying at times, I really appreciate. Because there’s nothing that can make me more immediately nervous than getting a notification of unusual activity via email or text when I didn’t just try to log in.

This animation explains it better. Watch the minute-and-a-half to understand what MFA is and why it’s important.

Why Implementing MFA is Important

As the video shows, we humans can be rather lazy when it comes to our passwords:

  • 51% use the same ones across multiple accounts.
  • And 57% haven’t bothered to change them even after being hacked!

The video doesn’t even touch on some of the other bad password habits too many of us still have such as writing them on sticky notes that we leave on our desks. Or ‘claiming’ that we use different passwords for everything, but really it’s the same core word or phrase and just different numbers at the end of it. Or—and this one is really asking for trouble so please change your passwords immediately if you have any of these—leaving the default password on an account. Examples of this are Passw0rd or Password123. Get resources for stronger passwords here.

So now considering the stats above, plus the common bad habits, and all the millions of breached passwords…the reality is that your business network without MFA isn’t just an unlocked front door; it’s wide open.

How do we Make MFA Fun?

Now that you’re convinced MFA is worth it, how do we make it more fun? Because let’s be honest, we often automatically think of stronger security as cumbersome. We think of extra steps like entering codes or approving notifications, and we roll our eyes or get frustrated that something simple now needs to be more complicated.

But maybe we’re thinking about cybersecurity all wrong.

Maybe, rather than looking at it as extra steps, we need to think of each layer of protection as slowing the criminals down.

We need to stop thinking of it as obstacles for us, and instead picture it as an obstacle course that we control.

Stay with me for a second.

Think back to when you were a kid. Did your school have an event called Field Day, that one day near the end of the year where you would all go to a park and play games and run around and maybe even compete and win prizes?

I think we need to bring that energy and fun and creativity to our cybersecurity. Let’s make it a game to see who can frustrate the criminals the most. Instead of a simple race, let’s tie some legs together and make it a three-legged race. That’s what using strong, unique passwords can do; it slows them down.

Instead of running to the Finish Line in a simple straight line, let’s include some tires to step in and out of and some bars to jump over or crawl under (again, slowing them down).

Put in action: ‘You got my Netflix password from that breach? Well, I’ve already changed it, and I use different passwords for every account, so that’s not going to get you anywhere.’

Or picture the criminals trying to swing across the monkey bars. They’re dangling on one ring while they stretch for the next…but you’ve removed that next ring so they won’t ever cross the finish line. That’s the beauty of MFA: even if they somehow get your password, they don’t have the next required authentication step, for example, your cell phone to receive the code.

Not feeling the Field Day/obstacle course concept? Channel your inner ‘Kevin McCallister’ from Home Alone to thwart some bad guys. We’ll make this part of the floor slippery and then scatter Legos and pointy, painful toys over here to break your fall. Or, my passwords are so strong and complicated (because I use a password manager) that it’s like heating up the doorknob so you burn your hand when you try to come in uninvited.

You can’t tell me that’s not fun!

Okay, maybe it’s bordering on silly (or over the line into ridiculous). But the point is that strengthening your cybersecurity doesn’t have to be a chore. It is designed to protect us, and we need to embrace any layers we can add to slow the criminals down and make other targets more attractive to them than we are.

So if you haven’t implemented MFA in your business yet, please talk to your IT services provider about doing so. And if you don’t have an IT partner you trust, then reach out to us. We’re all too connected now to leave anyone open to preventable risk.