Imagine your account username and password have been compromised. With MFA enabled, attackers are unable to log in to the account without also having the additional factor in their physical possession.
There are different methods available, with varying strengths. By far the gold standard here is a hardware-based token, available from as little as £8 from Amazon. Different models are available, but typically you just plug it into a USB port and press a button to authenticate. The difference this can make to your security position is quite staggering:
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords
Brian Krebs, July 2018
You’ve likely seen an MFA app like Google Authenticator before. It’s great, but I would suggest using the brilliant Authy from Twilio instead, as it supports backup and restore. There are also client versions available for desktops, which you can install alongside the mobile app to provide a backup option in the event of device loss.
If you’re already using Google Authenticator, then I’d suggest migrating across: get Authy installed, then log in to your accounts, turn MFA off, re-enable it and scan the QR code with Authy.