Read The Times Australia

Daily Bulletin

What is multi-factor authentication, and how should I be using it?

  • Written by: Jongkil Jay Jeong, CyberCRC Senior Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin University
What is multi-factor authentication, and how should I be using it?

Data breaches are becoming commonplace in both small and big tech companies. The most recent victim was Australian telecommunications company Optus, resulting in unauthorised access to the identity data of roughly 10 million people.

Adding to the misery of the victims, this cyber-attack further unleashed a plethora of subsequent phishing and fraud attempts using the data obtained from this breach.

Read more: The 'Optus hacker' claims they've deleted the data. Here's what experts want you to know

Having more rigorous security measures when logging in can help to protect your accounts, and significantly reduces the likelihood of many automated cyber attacks.

Multi-factor authentication (MFA) is a security measure that requires the user to provide two (also known as two-step verification or two-step authentication) or more proofs of identity to gain access to digital services. This typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometric).

For example, the Australian Tax Office recently tightened some rules for digital service providers on the mandated use of multi-factor authentication. If you use certain services, you’re already familiar with MFA.

But not all MFA solutions are the same, with recent studies demonstrating simple ways to subvert more common methods which are used to lodge cyber-attacks.

Furthermore, people also prefer different MFA options depending on their needs and level of tech savviness.

So what are the options currently available, their pros and cons, and who are they suited for?

There are four main methods of multi-factor authentication

  • SMS: Currently the most common option involving a one-time password (such as a code) sent via text message. Although quite popular and easy to use, the password or code texted to you can commonly be hacked by malicious apps on the phone or by redirecting the SMS to a different phone. The method also fails if your smartphone doesn’t have service or is powered off.

  • Authenticator-based: Another common method, in which an application installed on your smartphone (such as Google Authenticator) generates one-time passwords valid for a very short time span, such as 30 seconds. Although more secure than text messages, malicious apps can still steal these one-time passwords. The method also fails if your smartphone is out of power.

  • Mobile app: Similar to authenticator apps, but a user is sent a verification prompt rather than a one-time password. This requires your smartphone to have an active internet connection and be powered on.

  • Physical security key: The most secure mechanism; it uses a hardware security key (such as YubiKey, VeriMark or Feitian FIDO) that needs to be connected to the device to verify identity – many of these look a lot like USB memory sticks. It’s the current leading method supported by companies like Google, Amazon and Microsoft, as well as government agencies worldwide.

A small usb-key like device with a golden y symbol on it
YubiKey is one example of a physical key you can connect to your device to verify your identity. Formatoriginal/Shutterstock

Each of these four methods varies in usability and security. For example, despite physical security keys offering the greatest level of security, the adoption rate is the lowest, with figures suggesting only a 10% uptake.

Read more: How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security

Preference matters

Not only do different multi-factor authentication types vary in security, they also have different levels of popularity. This results in a discrepancy between the most reliable MFA method (the physical security key) and what is actually the most widely used (SMS).

Our team from Deakin University’s Centre for Cyber Security Research and Innovation recently conducted a study on the adoption of MFA technologies. We surveyed more than 400 participants belonging to different age groups, educational backgrounds, and experience with MFA.

Results from our study indicate that people’s preferences are impacted not just by their security needs, but also by usability. The majority of users cared most about the simplicity of the MFA method – this clearly explains why SMS-based solutions still dominate the landscape, even though there are safer alternatives.

In our follow-up study, users were given the most popular physical security keys for one month, to test unsupervised. Preliminary results suggest most users found the physical keys effective and intuitive to use.

However, the lack of platform support and setup instructions created a perception that these keys were difficult and complex to install and use, resulting in a lack of willingness to adopt.

One size does not fit all

We believe there needs to be careful consideration before any government agency or company mandates MFA, with a few key steps to consider.

Different people and organisations will have different needs, so in some cases a combination of methods could work best. For example, an SMS-based solution may be used in conjunction with a physical security key for access to critical infrastructure systems that need higher levels of security.

Additionally, user education and awareness is vital. Many people aren’t aware of the importance of MFA, and don’t know which methods are the safest.

By taking some personal responsibility and using highly effective methods such as physical security keys to protect our most vulnerable accounts, we can all do our part to make the web a safer place.

Read more: What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide

Authors: Jongkil Jay Jeong, CyberCRC Senior Research Fellow, Centre for Cyber Security Research and Innovation (CSRI), Deakin University

Read more https://theconversation.com/what-is-multi-factor-authentication-and-how-should-i-be-using-it-191591

Business News

How to Rent a Car for Uber in Melbourne: What Every New Driver Needs to Know

Starting out as an Uber driver in Melbourne is not as complicated as it sounds but getting the vehicle right is where most new drivers get stuck. Uber has strict requirements around vehicle age, condi...

Daily Bulletin - avatar Daily Bulletin

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

Turning Your Empty Tables into Revenue

The rise of AI demand tools in hospitality, the EatClub–CommBank partnership, and seven trends reshaping Australian dining  A growing number of Australian venues are turning to AI-powered demand mana...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...

How A Diploma Of Project Management Builds Practical Skills For Modern Work Environments

Developing the ability to plan, execute, and deliver outcomes efficiently is a key requirement in to...