Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to infiltrate your accounts.
As cybersecurity threats continue to escalate, you may have been advised by some of your service providers to use multi-factor authentication (MFA) to safeguard your personal information and sensitive accounts.
While MFA sounds intimidating, the concept behind it is actually simple. MFA basically means using two or more factors or ways to confirm your identity, instead of relying on a single method.
Why is this so important? Employing multiple methods significantly increases your cybersecurity, and can provide greater peace of mind that your money and personal data will be kept safe.
We’ve provided some background information about MFA to help you better understand it, and hopefully feel more comfortable using it.
Over the years, cybercriminals have become more sophisticated and employed increasingly complex ways to commit account fraud. To counteract this, authentication methods used to identify account holders also needed to evolve.
Authentication started by relying on something you know to confirm your identity, such as usernames, passwords or security-related answers (such as your mother’s maiden name).
The problem with this approach? Individuals would use the same usernames, passwords or security answers for each of their accounts. So, if a cybercriminal determined this information for your email account, for example, they could use it in a domino effect to gain access to your financial, social media and other sensitive accounts.
Additionally, cyber breaches of major organizations exposed much of this personal information, allowing thieves to hit the data lottery. These fraudsters now have access to millions of records containing personal information, passwords, answers to step-up security questions and much more.
As a result, many institutions concluded this “knowledge-based” authentication approach was no longer sufficient to prevent financial crimes. They began to include an additional cybersecurity requirement – something you have or physically possess – such as your smartphone or other trusted device.
The drawback to this method? What happens if you lose that device? Or if a security code sent to your phone is intercepted by a cybercriminal in a phone porting or SIM card swapping scam?
Therefore, technology was developed that used something you are to identify you – meaning unique human features such as your fingerprints, eyes, face or voice. This biometric approach is the preferred alternative to passwords. So, for example, instead of typing in your password, you just hold up your phone to scan your face.
Again, the best approach is to use a layered strategy that uses two or more ways to verify your identity. At Morgan Stanley, we’ve invested in several forms of MFA to protect your assets and personal data:
Device recognition: Allows you to indicate which of your devices are trusted to handle your financial transactions and communications.
Push notifications: Enables you to receive an alert on your trusted device if we detect a login attempt to your accounts from another device.
Voice identification: Uses a voice print (like a fingerprint) to confirm your identity when you speak to a Morgan Stanley representative by phone.
Biometrics: Uses facial or touch recognition when using our mobile app in place of a password to confirm your identity.
For even stronger account protection, we’ve recently introduced another form of MFA: security keys. A security key is a small device that resembles a USB thumb drive. Some people carry it on their keychain. Security keys are considered the strongest form of “something-you-have” MFA currently available.
The same key can safeguard your email, social media, banking and other sensitive accounts as long as those account providers offer this technology. So, you won’t need a separate key for each account. (Morgan Stanley supports FIDO2 or U2F keys.)
Here’s how it works with Morgan Stanley Online: After registering your key with us, you’ll be prompted to enter your password (or present your biometric identification on our mobile app). You’ll then insert one of your registered keys into your USB port and tap the key with your finger to finish logging into your account. In essence, this combines something that you know (your password) or something that you are (your biometric identification) with something that you have (your security key).
Using a security key for your sensitive logins will also give you greater protection from internet scams, such as fake sites set up by cybercriminals to steal your login information. These phony sites often look so much like the real site that it’s difficult for unsuspecting users to notice the difference.
When it comes to account security, there’s definitely strength in numbers. Make sure to use a layered approach that relies on multiple ways to identify you for all your financial accounts.