Stay Secure: The crucial role of confirming Multi-Factor Authentication prompts
In today's interconnected digital world, safeguarding your online accounts is more crucial than ever. One powerful tool in your cybersecurity arsenal is multi-factor authentication (MFA), a method that adds an extra layer of protection to your online presence. While MFA significantly reduces the risk of unauthorised access, it's essential to remain vigilant and only confirm MFA (i.e., verifying login on your Okta Verify app or passing one-time code generated by an OTP app like Google Authenticator) prompts that you initiate yourself.
Understanding Multi-Factor Authentication:
Multi-factor authentication, often referred to as MFA, is a security process that requires users to provide multiple forms of verification before gaining access to their online accounts. MFA ensures that even if a hacker obtains your password, they still can't access your account without the additional verification methods.
The University of Adelaide uses Okta as our MFA provider.
The Importance of Vigilance:
While MFA adds a robust layer of security, it's crucial to exercise caution when responding to MFA prompts. Cybercriminals have become increasingly sophisticated in their tactics, often using social engineering to trick users into confirming prompts (or elicit users to send one-time codes) that they did not initiate. This can lead to unauthorized access to your accounts and potential data breaches.
Tips for Staying Secure when using MFA:
- Initiate the Interaction: Always be the one to initiate the login process. If you receive an MFA login prompt on the Okta Verify app without trying to log in, it could be a red flag. Cybercriminals may attempt to lure you into confirming prompts through phishing emails or fake websites.
- Check the Source: Before confirming an MFA prompt, ensure that it's coming from a legitimate source. Double-check the website's URL, email sender, or app notification to verify its authenticity. Hackers often use cleverly crafted domains or email addresses that resemble legitimate ones.
- Trust Your Instincts: If something feels off about the MFA prompt, trust your gut instincts. Cybercriminals often rely on urgency or fear to manipulate users into taking action without thinking.
- Use Authenticator Apps: Use the Okta Verify app rather than text messages/phone calls for MFA codes. Authenticator apps generate time-sensitive codes that are more difficult for hackers to intercept. The University of Adelaide supports the use of the following authenticator applications
- Okta Verify (preferred)
- Google Authenticator
- Microsoft Authenticator
- OTP Manager
Do not use SMS for MFA, as it is less secure and more susceptible to interception (SMS will be turned off as an MFA factor by end of 2023).
Multi-factor authentication is a powerful tool in the fight against cyber threats, significantly enhancing the security of your online accounts. However, its effectiveness relies on your vigilance and cautious approach. By only confirming MFA prompts that you initiate yourself and following the tips mentioned above, you can fortify your online defenses and ensure that your valuable data remains safe from prying eyes.
Remember, staying secure is a shared responsibility, and by taking these proactive steps, you contribute to a safer online environment for yourself and others.
For more information on Multi-Factor Authentication at the University of Adelaide, please visit https://www.adelaide.edu.au/technology/mfa