Multi-factor authentication means having extra checks to prove your identity

For example, you may need an authentication code from a text message in addition to your password to log into your account.

Having multi-factor authentication (MFA) gives you an extra layer of security

The many layers of authentication increase confidence that the person logging in is actually who they claim to be. MFA typically requires a combination of something a user knows (like a PIN or password), something a user has (like a smartcard or physical token) and something a user is (like a fingerprint or other biometric) to access a device, application or online service.

Having two or more authentication factors increases your cyber security. It makes it harder for someone to access your account.

Enabling multi-factor authentication

Learn what MFA is and how it can help protect your online accounts. Enabling MFA is easy and gives you more security.

Case study: The importance of turning on multi-factor authentication

One day, Verity got an email about an online order she didn’t make. After looking into it, she saw a few charges on her bank account that shouldn’t have been there. She suspected a hacker had found out her bank card, email, and password when she last bought something online.  

Verity used the same password for all her accounts, like online shopping, email, social media, and banking. She didn’t have multi-factor authentication (MFA) for many of them. So with a single password, the cybercriminal was able to gain access to many of these accounts. 

She tried changing the passwords on her most important accounts, but the hacker had already locked her out. If her accounts had MFA, it would have helped keep the hacker out.  

This case shows why MFA is important. It adds an extra layer of security in case hackers get access to your login details. It also shows why you should never reuse the same password across multiple accounts.


The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is here to help all Australians affected by cyber incidents. Call our hotline 24/7 on 1300 CYBER1 (1300 292 371) if you need help or go to ReportCyber.

Some authentication factors for use with MFA include:

Physical token

A physical token that shows a time-limited one-time PIN on its screen

This is typically a small physical token with a display that shows a code on the screen.

Security key

These can be used in addition to or in place of a password. They act like an electronic key.

This is a small physical token that is often plugged into your device via a USB port, or kept in close proximity for wireless versions.

Biometrics or fingerprint

Using your fingerprint, face or iris scan to validate your login

An example of this is when using your face or fingerprint to access your device or mobile apps.

Authenticator app

A mobile application that generates a random one-time PIN or password

These can be stand-alone mobile apps or part of existing apps. The Google Authenticator or Microsoft Authenticator mobile apps are examples of these.

SMS, email or voice call

A random code that you receive or enter to access a service

This is often referred to as a ‘one-time PIN’. An example is when you receive an SMS code before using online banking to transfer money to a new payee for the first time.
