Protect yourself: Multi-factor authentication

Nicole McKinnon • June 4, 2025
Person logging into a laptop, overlaid with a digital 2FA security interface featuring a fingerprint and shield icon.

Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity and you may already be using MFA. For example, when you receive an authentication code by SMS text message after entering your password to log into an online account. MFA is one of the best ways to protect against someone breaking into your account. It makes it harder for cybercriminals to take over your account, by adding extra layers of protection.

MFA requires you to use a combination of two or more of the following factors to access your accounts:

  • Something you know (e.g. a PIN, password or passphrase);

  • Something you have (e.g. a smartcard, physical token, authenticator app or SMS); and

  • Something you are (e.g. a fingerprint, facial recognition or iris scan).

MFA defends against the majority of password-related cyberattacks. For example, MFA protects against credential stuffing where cybercriminals use previously stolen passwords from one website and try to reuse them elsewhere so they can gain access to more accounts.

Think of adding MFA to your account like adding a house alarm that requires a PIN to deactivate. It provides you with an extra layer of protection from cybercriminals trying to break in. Even if they break through one layer (for example, by guessing your password), they still need to break a second barrier to access your account.

Having an extra step can be inconvenient at first but remember that taking shortcuts leaves your system more vulnerable. You are better off spending a few seconds entering a one-time code now, to avoid spending hours later on trying to regain access to your accounts and dealing with the consequences of your data being stolen.

MFA often goes by different names. You may see it called two-factor authentication (2FA) or two-step verification.

Options for MFA

SMS code

This is a random code that you receive to access or use an online service. For example, after you enter your username and password to log in, you will receive an SMS with a ‘one-time password’ (OTP) to enter to access your account. Another example is when you receive an SMS code when using online banking, before transferring money to a new payee for the first time.

Authenticator app

Authenticator apps are mobile applications that generate a random OTP and are more secure than receiving a code by SMS. You will first need to download an authenticator app on your device. Google Authenticator, LastPass Authenticator, Microsoft Authenticator and Authy Authenticator   are a few popular ones. In the settings of your online account (e.g. your social media account), turn on MFA and select the authentication app option. This will reveal a QR code containing a unique key. Use your authenticator app to photograph this QR code or manually enter the key to link your account to the authenticator app. Once this step is done, the app will produce a new six-digit code every 30 seconds. Whenever you log in to your online account with your usual username and password, enter this code too. That’s it, MFA is on!

Biometrics

With biometrics, your unique characteristics become the authenticator. An example of biometrics is using your face or fingerprint to access your device or mobile apps. Using biometrics as MFA is convenient, because they are always with you and cannot be misplaced or forgotten.

Security key

A security key is a small physical token without a display screen, which is often plugged into your device via a USB port, or kept in close proximity for wireless versions. It prompts the user to activate authentication processes, and it is a more secure form of MFA than the other options above.

Turn on MFA

You should turn on MFA wherever possible, starting with your important accounts, such as:

  • User and email accounts, since a cybercriminal with access to your email accounts can reset passwords for your other accounts.

  • Financial services, such as your online banking.

  • Accounts that save or use your payment details (e.g. eBay, Amazon, PayPal).

  • Social media accounts (e.g. Facebook, Instagram).

  • Any other accounts that hold personal information (e.g. myGov).

How to turn on MFA depends on the software or service you are using; however the steps are somewhat similar for most applications. Refer here for links to the instructions on how to set up MFA for different services including user and email accounts, financial services, online shopping, social media and communication, government services and gaming.

If you don’t see your account listed, try searching online for ‘how to turn on MFA’ for that service or check the settings of your account. If your account does not have an option for MFA, you should protect it with a strong password or passphrase that is not used anywhere else.

Security tips

Although MFA improves the security of your accounts, motivated cybercriminals may persist and succeed in compromising them. To help keep your account secure, consider the following security tips:

  • Don’t click on account sign-in hyperlinks that you received via SMS or emails.

Scammers may impersonate your bank or a government department and trick you into clicking a link and give out information such as your account number, password or credit card numbers. If you have any doubts about a message or call, contact the organisation directly: visit the official website to find their phone number or to log in to your account via the official website. Do not use the links or contact details given to you in the message.

  • Don’t share MFA codes or approve unknown sign in attempts.

Requests for sign in approvals and the security codes that you receive are the system’s way of checking that you are the person who signed in. If you give someone else your MFA code or approve unknown sign in attempts, then someone else might be able to log into your account. Never approve unknown sign in attempts or share your MFA code.

  • Add extra layers of protection.

You should use MFA whenever possible, especially when it comes to your most sensitive data, such as your primary email, financial accounts and health data. To enhance security, your credentials must come from two different categories: for example, something you know (passphrase) and something you are (facial recognition). The more layers of security between your important information and cybercriminals, the better.

  • Keep up to date.

Ensure that any alternative authentication methods such as your recovery email addresses are at least as secure as the primary ones that you use to log into your accounts, and kept up to date.

  • Remember to transfer your authenticator when you change devices.

If you are using an authenticator app for MFA and you get a new device, make sure that you transfer it to your new device before disposing of or resetting the old one. We recommend adding a recovery method to your account and saving your backup codes in case you lose access to your authenticator app or delete it. In some cases, you might need to turn off MFA prior to getting a new device and reinstalling the authenticator app. Similarly, if you get a new phone number, make sure that before you lose access to your old phone number, you update your sign-in options for the accounts that normally rely on this number to send you an OTP by SMS.

 

Source: Australian Cyber Security Centre

Understanding longevity risk in retirement

By Nick McKenna October 28, 2025
Australians are living longer than ever before due to a combination of factors including improved healthcare, better living conditions and over all better quality of life. With this longevity comes the challenge of ensuring financial security throughout a longer retirement. Data from the Australian Bureau of Statistics (ABS) shows that life expectancy at birth is now 81.1 years for males and 85.1 years for females1. Despite the increases in these averages, many Australians will live well beyond these ages, making planning for your retirement income more important than ever. What is longevity risk? Longevity risk refers to the possibility of outliving your savings. Living longer allows you to enjoy the fruits of life for longer but it also means planning carefully to ensure your savings last as long as you do. For Australian retirees, this is especially important, as the Age Pension alone may not be enough to cover all living expenses over an extended period. According to the Challenger Retirement Happiness Index2, 72% of Australians aged 60+ report that the rising cost of living has adversely impacted their financial security, with 34% admitting the impact was significant. This highlights the importance of planning for longevity risk to maintain financial confidence in retirement. Building financial security for the future To ensure a comfortable and secure retirement, it’s important to take proactive steps to manage longevity risk. Here are some key considerations: 1. Understand how long your retirement savings may last Knowing how long you might live can help you plan your finances to last throughout retirement. Factors like health, lifestyle and family history can play a role in estimating life expectancy. 2. Understand your income sources Retirement income can come from a mix of sources, including the Age Pension, superannuation, personal savings and investments. For many Australians, the Age Pension alone may not be enough to cover all living expenses, especially if superannuation or other savings run out. Adding a source of regular income such as a lifetime annuity to your retirement income plan can help you manage the risk of outliving your savings. By using some of your super or other money to set up a lifetime income stream, you could create an additional layer of secure income that complements the Age Pension, if you are eligible. This approach helps to provide peace of mind by ensuring you have a regular source of income that can cover essential needs throughout your life. This can form part of a comprehensive retirement income plan. 3. Use planning tools and resources Make a budget The Age Pension is a key safety net for many Australians. Consider how it works, including eligibility and its role alongside superannuation and lifetime income streams. For personalised guidance to help you make informed decisions about your finances, consider accessing free services like the Financial Information Service (FIS) offered by Services Australia or see a Financial Adviser. The benefits of financial security Financial security can transform retirement into a time of freedom and fulfilment, allowing retirees to focus on what truly matters. With a lifetime income stream you can enjoy meaningful activities like traveling, pursuing hobbies or spending quality time with loved ones without the stress of financial uncertainty. The Challenger Retirement Happiness Index2 reveals that 41% of Australians aged 60+ see "having enough money to enjoy retirement" as essential for happiness, while 33% value knowing their money will last. This financial confidence provides the foundation for a retirement filled with confidence, happiness and peace of mind. Planning for a confident retirement A well thought out retirement plan provides the confidence to enjoy life without the constant worry of running out of money. By understanding longevity risk and taking proactive steps, you can feel more confident that your retirement income will last as long as you do. Source: Challenger
Man and woman laughing while dancing in a kitchen. The woman is leaning back, held by the man. Bright, natural light.

Finance 101: understanding interest rates and why they matter

By Nick McKenna June 11, 2025
Whether you're planning to buy your dream home, save for a brighter future or simply manage your daily finances, interest rates play a key role. Here’s why they matter when planning your financial future.
Woman with dark hair in a yellow sweater sits by a window, holding a phone, looking at the camera.

Planning for retirement? Start with these 5 steps

By Nick McKenna June 11, 2025
Retirement planning can be daunting, but it doesn’t have to be. We’ve put together these 5 retirement planning steps to help you get started.
Woman and child working together at a pottery wheel in a bright workshop. The child is helping the woman shape the clay.

Why you need insurance, what are your options?

By Nick McKenna June 11, 2025
Your health and wellbeing is the most important asset you have, so it pays to put in the hard yards and get your head around the tricky topic of insurance.
Person in a red jacket using a calculator with a notepad, coins, and a tablet on the desk, possibly budgeting.

Eight quick wins for managing debt

By Nick McKenna June 11, 2025
Managing debt can often feel overwhelming but there are several strategies you can implement to make the process more manageable and accelerate your journey to becoming debt free.
Woman with red hair making a peace sign, blowing a kiss. Against a red wall.

Score a $500 super bonus: the government super co-contribution explained

By Nick McKenna June 11, 2025
Discover how making after-tax contributions could qualify you for a government co-contribution of up to $500.
People at a table, illuminated by string lights, are enjoying an outdoor dinner party at night.

Three ways to plan for your 30s

By Nick McKenna June 11, 2025
Turning 30 is often accompanied by a degree of increased financial responsibility. Here’s how to stay ahead.
Woman with curly dark hair gazes thoughtfully out a window in a building, wearing a light pink top.

How to find your lost super

By Nick McKenna June 11, 2025
Imagine finding thousands in super that you’ve lost track of. Here’s how you can check if you have any lost or unclaimed super.
Smiling man in blue shirt, possibly a farmer, standing in front of a banana display.

Can I go back to work if I’ve already accessed my super?

By Nick McKenna June 11, 2025
Can I go back to work if I’ve already accessed my super? Generally, you can, but there may be other things to consider. Learn more.
Older couple with arms around each other, sitting on a bench in a park. They are looking at each other lovingly.

Spouse super contributions – what are the benefits?

By Nicole McKinnon June 4, 2025
If your partner is earning a low income, working part-time, or currently unemployed, boosting their super could be a smart financial move for both of you.