Uh oh. You were trying to be more secure and decided to set up multi-factor authentication. However, you’ve just discovered how important the other factors are when it comes to authenticating your identity. Yes, you’ve found yourself unable to access your means of authenticating yourself.
So…what do you do now?
First things first: don’t panic just yet. Let’s take a look at some options you may have.
Multi-factor authentication, or MFA for short, is how the inherent weakness of passwords is increasingly being addressed in both the workplace and in personal life.
Think of it this way: by providing your username to whatever service you are trying to access, you are identifying yourself. Traditionally, you would also provide a password or PIN to confirm that you are, in fact, who you say you are…authenticating the identity you just provided.
For an assortment of reasons, this has been shown to be insufficient for security needs, particularly in the professional setting. This has led to the adoption of MFA, which generally supports three means of identifying oneself:
By requiring more than just one form of authentication, it becomes much more difficult for an attacker to get into an account.
However, it also means that the owner of the account could also find themselves locked out under the right (read: wrong) circumstances.
Short of starting over (which, to be fully honest, may be your only option) there are two paths that might allow you to regain access to your accounts:
Check other places you may still be logged in.
Most of the services and applications that support MFA will have both a website and an application form. While it’s more likely that the mobile app will still have you logged in, checking both might enable you to access the settings and either turn off MFA temporarily or switch to a different form of it that you still have access to. This will almost assuredly require you to provide your password to change. Just make sure you don’t accidentally log out of the service until you’ve successfully taken back control.
Reach out to customer support.
If you find that you don’t have any other active instance of the app or website in question, you can always try reaching out to the website or application itself by telephone to try and have their customer support team help you. Some companies now provide a fairly straightforward process of confirming who you are matches who you say you are and letting you in somewhat quickly, while others can take up to a few days.
Outside of these options, you may have no choice but to start again from scratch with a new account. However, if this is the case, you’ll still want to reach out and have your original account deleted so it can’t be taken over later on.
Fortunately, many modern MFA tools offer means of accessing your needed security codes with some contingency options. One relatively easy means is to simply enable a few options for you to authenticate your identity with your account. Many apps now allow you to either enter a generated code or provide biometric proof—enabling both allows you to authenticate with your biometric proof of identity if you cannot access your codes.
Speaking of codes, many MFA platforms also offer a feature called recovery keys or backup codes. Think of it as a secret code that you can use to communicate with the MFA platform, proving to it that you are in fact the authorized user—you just can’t access any of the traditional options for some reason. Naturally, once these codes are generated, you’ll want to secure them someplace very safe, protected by encryption.
If you opt to go for a security key, you might want to consider getting a second key to use as a backup. Various services understand that people do this and enable multiple keys to be tied to an account for this reason. If you ever decide to upgrade your key, the old one can easily become your backup—just make sure you keep it someplace safe and secure!
As a managed service provider, our job is to ensure that the technology your business relies on remains reliable—which means keeping it supported and secure. Reach out to us to find out the many, many ways we can do so for you. Call (509) 534-1530 today.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!
Tag Cloud
Comments