HELP! Someone has hacked Jim’s email and just tried to place a $15,000 order at Verizon.

-Actual Customer, December 10th, 2019

As the owner of an IT Company that specializes in security and managed IT services I hate getting emails like this. Primarily, because they are 99.99% avoidable.

Managed IT service providers have known if for a long time: all of their customers need to be on multifactor (MFA, sometimes called two-factor) authentication. To this customer’s credit, they were already in the process of implementing MFA, but Jim hadn’t been set up yet.

Research from both Google and Microsoft shows that MFA stops over 99% of password based hacks. Our standard operating procedure is to recommend it to all of our customers. Beginning in 2020, we will require our manged customers to opt-out of it if they don’t want it, it is so important.

MFA is simply adding another layer of security to your account. In its simplest and most effective form you get a push notification on your phone requesting that you approve a login. Other forms may email or text you a code that you have to put into a website.

How do I do it?