Keeping Protected Health Information (PHI) safe from attackers is getting harder as their techniques improve. In addition, due to the value of PHI on the Dark Web, attackers have a strong financial incentive to steal patient records. Because of this, practices have to take extra steps to help ensure that this data is kept safe. One way we can do this is through the use of Multi-Factor Authentication (MFA). Sometimes you may see this referred to as Two-Factor Authentication (2FA). Let’s dig into this just a bit.
When speaking of authentication, there are 3 different types of factors. A factor is simply a method of authenticating with your computer. These are:
You are probably familiar with receiving an SMS message from a bank or credit card company to allow you to log into your online account. This is an example of MFA. It adds a layer of protection to your login that makes it harder for an attacker to breach your account. Even if they knew your password, they would still need the code from the SMS message. However, while better than nothing, SMS is the least secure form of MFA.
Another option is to use an authenticator application like Google Authenticator or Authy. Both are free and are installed on your mobile phone. When you register one of your online accounts with the authenticator app, it will generate a random-looking 6-digit code that changes every 30 seconds. Using this 6-digit code makes hacking your online accounts a lot harder. To be able to access your accounts, the attacker would either need access to your mobile phone or have to trick you into sending them the code inside the 30-second window. While not impossible, it does make account breaches a lot harder.
An authenticator app can be used for many of your sites to help keep them secure, including Amazon, Facebook, Snapchat, Google, Apple, and many others. In the past, a good password was enough to secure accounts, but now MFA is the minimum you should do. If you have an account with an online service that allows for MFA, then you should absolutely enable it to keep your accounts secure.
Here is a screenshot of Authy.