When most people think of multi-factor authentication, or two-factor authentication (MFA or 2FA), they think of annoying texts and challenges getting logged into accounts. So why does your IT company keep recommending that you enable it?


If you are like most people (over 50% according to a recent study), you use the same passwords for multiple accounts. When one of those accounts gets breached, that username and password can be sold on the dark web, where bad actors then try the same email and password combination on a multitude of sites, usually in an automated fashion. So far in 2022, companies ranging from The Sleep Company, The American Dental Association, and Coca Cola have been hit with successfully cyberattacks. In the past, companies such as Home Depot and Target have experienced cyber attacks that have exposed user’s passwords. So if the “bad guys” have your common username and password, how can you protect your online accounts?

MFA offers an additional layer of security beyond a username and password. While even MFA can be breached, it adds significant strength to the accounts where it is enabled, as your username and password are not enough to log in – you are prompted to enter a code texted to a verified mobile phone, or from an app that is protected by a PIN (or face/touch ID).

A 2019 study by Microsoft concluded that 2FA can block over 99% of automated cyber attacks, and similar studies by other large companies show similar results. As the business world becomes increasingly digital, the amount of cyber crime increases, and we need to take additional steps to block it. Studies have shown that so far in 2022, a ransomware attack occurs every 11 seconds, which is a greater than 10% YOY increase.

If you do not have multi-factor authentication enabled for your organization, please reach out to your account manager to discuss next steps. Office365 email, for example, has this functionality built-in and can be enabled for no additional hard-costs beyond the labor to set it up. Other two-factor options are available for remote work and windows logins, which may involve extra charges, but compared to the downtime associated with a hack, the extra steps to log into an account are well worth it.