2022 has revealed to Australians some ugly flaws of the internet, with multiple data privacy events affecting over 9 million people’s information security and online safety.

So, how do we protect our data moving forward from this? One easy thing you can do is set up Multi-Factor Authentication (MFA) on your online accounts to further safeguard your identity, finances, and more!

What is MFA?

Multi-Factor or Two-Factor Authentication, known as MFA or 2FA, is an extra security step to allow users to verify their identity before accessing sensitive information. In fact, you’ve probably seen it used in your online accounts already! MFA is being widely adopted now by most online platforms and services (including yours truly).

Some examples of MFA used in addition to your regular password can include:

• ‘Biometric’ security, such as using your fingerprint, Face ID, or voice recognition.

• Authenticator codes, which can be obtained from a third-party code generator app or physical token

• Two-factor PIN codes, which can be sent as an SMS or Email.

• Security questions, such as “What is your mother’s maiden name?”

Who should be using MFA?

In the words of Aussie legend Vanessa Amorosi – Absolutely everybody!

Why should I set up MFA on all my online accounts?

Multi-Factor Authentication adds an extra level of security that makes it more difficult for dodgy people to access your information.

You may have seen many websites are starting to make it compulsory to set this up.

Where should I use MFA?

Wherever the option is available to set it up!

When Multi-Factor Authentication is not available, you can still further secure your online accounts by ensuring each account has its own strong password or passphrase that is not used anywhere else, see our post on passphrases here. This way, if the worst happens and your password is compromised, it cannot be used to access any of your other online accounts.

How do I get started?

Check out the following guides on how to set up MFA for some of the most popular online accounts:

• Setting up MFA on your Facebook Account

• Setting up MFA on your Instagram Account

• Setting up MFA on your Microsoft/Outlook Account

• Setting up MFA on your Google/Gmail Account

Setting up MFA on your Facebook Account

On a computer

1. First, we need to head to your Two-factor authentication settings. If the link didn’t work, you can follow these steps to navigate to these settings:

   1. Click your profile picture in the top-right corner of the Facebook home page, then click Settings & privacy, then Settings from the menu that shows after.

   2. On the next page, click Security and login on the left menu, then click Use two-factor authentication, approximately halfway down this page.

2. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing the Authentication app

3. After clicking this option, a QR image will be shown, as well as a code for manually setting up your MFA. Do not share these with anyone! Using a code generator or ‘authenticator’ app on your phone, such as Google Authenticator [iOS / Android], scan this QR code.

4. Click Continue on your computer, once you’ve scanned the QR code, and added it to your app. The next page will ask you to confirm a 6-digit code generated by your app.

5. Once you’ve successfully confirmed a newly generated code from the app, your Two-factor authentication is all set up!

When you next log in to Facebook on a new device, you’ll be asked to enter one of these codes before you can access your account.

We reckon it’s best that you repeat these steps to explore the other Multi-Factor Authentication options available to you and setting up another method in addition to this to further reinforce your account security.

In the Facebook app

1. First, we need to head to your Two-factor authentication settings. The steps to get to this part might be slightly different depending on your app version.

   1. Tap your profile picture (this may instead show as three horizontal lines ☰) in the bottom-right corner of the Facebook app, then click the cog-shaped settings button in the top-right section of this menu.

   2. Scroll down on this page to the Security heading, and then tap Security and login.

   3. On the next page, scroll to the Two-factor authentication heading and tap Use two-factor authentication.

2. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing the Authentication app

3. After tapping this option, a QR image will be shown, as well as a code for manually setting up your MFA. Do not share these with anyone! Using a code generator or ‘authenticator’ app on your phone, such as Google Authenticator [iOS / Android], scan this QR code.

   1. If your authenticator is on the same device, tap the long string of letters and numbers under the QR image to copy it on your phone, and then paste it into your chosen code-generating app. If your app is on a different device, you can simply scan the QR into the app.

4. Go back to the Facebook app and tap Continue once you’ve added the code to your authenticator app. The next page will ask you to enter a 6-digit code generated by your app.

5. Once you’ve successfully confirmed a newly generated code from the app, your two-factor authentication is all set up!

When you next log in to Facebook on a new device, you’ll be asked to enter one of these codes before you can access your account.

We reckon it’s best that you repeat these steps to explore the other Multi-Factor Authentication options available to you and setting up another method in addition to this to further reinforce your account security.

You can reference cyber.gov.au for more detailed steps on setting this up.

Setting up MFA on your Instagram Account

1. First, open the Instagram app on your device of choice. These steps can be completed on the Instagram website, too.

2. Tap your profile picture in the bottom-right corner, then tap the three horizontal lines ☰ in the top-right corner, then tap Settings.

3. On the next page, tap Security, then tap Two-factor authentication on the following page. If you haven’t got this set up already, you’ll need to tap Get Started to begin setup.

4. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing the Authentication app

5. On this page, Instagram may recommend their choice of authenticator app or suggest using a built-in feature depending on your phone’s model. If you already have a code generator app, we recommend tapping Set Up Another Way, so you can keep your codes all in one app.

6. A long string of random letters and numbers should show on the next page. Tap Copy key, then navigate to your authenticator app to import the code.

   1. If you don’t already have a code-generating app, we recommend researching the third-party options out there to find one that is right for you. These apps all work very similarly, though, so while we use Microsoft Authenticator (on iOS and Android) as an example, these steps should be the same on other apps.

7. Once Instagram has been set up in your code generator app, come back to the Instagram app and tap Next. You will be asked to enter a code from your authenticator – switch back to that app to copy or memorise the code to enter in the Instagram app.

8. Click Next after pasting or entering this 6-digit code. If you’ve followed these steps correctly, you should be shown a page that confirms your Two-factor authentication has been set up successfully!

When you next log in to Instagram on a new device, you’ll be asked to enter one of these codes before you can access your account.

We reckon it’s best that you repeat these steps to explore the other Multi-Factor Authentication options available to you and setting up another method in addition to this to further reinforce your account security.

You can also reference cyber.gov.au for more detailed steps on setting this up.

Setting up MFA on your Microsoft/Outlook Account

1. You can reference cyber.gov.au for more detailed steps on setting this up. Go to account.microsoft.com in a web browser, log in to your Microsoft account.

2. On this page, navigate to the Security heading and then click or tap Security dashboard. You can jump here by clicking this link.

3. Click or tap Get started under Advanced security options.

4. Under Two-step verification, choose Set up two-step verification to set up this feature.

5. On this page, read the instructions before selecting Next. The next step will let you choose from a few different options – for this guide we are selecting An app from the drop-down options.

   1. If you don’t already have a code-generating app, we recommend researching the third-party options out there to find one that is right for you. These apps all work very similarly, though, so while we use Microsoft Authenticator (on iOS and Android) as an example, these steps should be the same on other apps.

   2. After this step, select I want to use a different authenticator app if you’re not using a different app from Microsoft’s Authenticator and follow the next steps.

6. An image of a QR code will display. If your authenticator app is on the same device, click or tap Can’t scan image? to reveal a Secret key. Scan the QR or copy and paste the Secret key into your authenticator app.

7. Once your Microsoft Account has been added to your authenticator app, go back to the Microsoft website, and click Next. You will be asked to enter a 6-digit code from your authenticator app to verify it’s been set up correctly.

8. Once you’ve confirmed the code on the Microsoft website in your browser, you’re all set up with their Two-step verification!

When you next log in to Outlook, Word, or any other Microsoft website or app on a new device, you’ll be asked to enter one of these codes before you can access your account.

We reckon it’s best that you repeat these steps to explore the other Multi-Factor Authentication options available to you and setting up another method in addition to this to further reinforce your account security.

You can reference cyber.gov.au for more detailed steps on setting this up.

Setting up MFA on your Google/Gmail Account

1. Go to google.com in a web browser and click Sign in (or if you’re already signed in, go to step 2) on the top-right corner of the page.

2. Once you’re signed in, click your profile icon on the top-right corner of the page, then click Manage your Google Account. On the following page, click the Security You can jump there by clicking this link.

   1. If you’re on a computer, this should be on the left side of the page.

   2. If you’re on a mobile or tablet, this tab shows at the top of the page above your profile icon.

3. Under the heading that says Signing in to Google, click or tap 2-Step Verification, then Get Started on the following page.

4. On this page, read all the options available to you by selecting Show more options. For this guide, we are choosing to receive a code via text message.

5. Enter your phone number on this page and tap or click Next. You should receive a SMS from Google stating “G-…… is your Google verification code.” Do not share this code with anyone!

6. Go back to your web browser and enter this code on the page you started setup on. Click Next once it’s been entered.

7. If you’ve entered the correct code, the next page should say “It worked! Turn on 2-Step Verification?”. Click or tap Turn on to finish setting up your Google MFA. Now, you’re all set!

When you next log in to Gmail, Google Drive, or any other Google website or app on a new device, you’ll be asked to enter one of these codes before you can access your account.

We reckon it’s best that you repeat these steps to explore the other Multi-Factor Authentication options available to you and setting up another method in addition to this to further reinforce your account security.

You can reference cyber.gov.au for more detailed steps on setting this up.

Additional Information & Resources

• Multi-factor authentication | Cyber.gov.au

• Creating Strong Passphrases | Cyber.gov.au

• Report a cybercrime, incident or vulnerability | Cyber.gov.au

• What impact will biometrics have on business? | Aussie Broadband Blog

• Two-Factor Authentication | Aussie Broadband Help Centre