2025 Cybersecurity Awareness Month: Turn on Multifactor Authentication

• Division of Banks
• Office of Consumer Affairs and Business Regulation

What is MFA and where should you use it?

Multifactor authentication (MFA) provides an extra layer of security for your accounts by requiring a quick second step to verify your identity when logging in.

Use it on every account that offers it, especially:

• Email​
• Accounts with financial information​

Ex: Banks, online stores​

• Accounts with personal information​

Ex: Social media

Which MFA methods are best?

Choose the most secure MFA method available. Here are some options, from most to least secure:

• Security key: Use a physical security key (such as a YubiKey) to log in. It plugs in or taps your device. It provides the best protection against phishing and is easy to use.
• Authenticator app with number matching: An app prompts you to enter a number on your phone. You enter a number shown on the login screen to confirm your identity.
• Authenticator app with one-time code: An app generates a new code every 30 seconds.
• Biometrics: Uses your fingerprint or face to confirm your identity.
• Text or email code: A one-time code is sent to your phone or email. Least secure method.

Division of Banks

The Division of Banks (DOB) is the chartering authority and primary regulator for financial service providers in Massachusetts. DOB's primary mission is to ensure a sound, competitive, and accessible financial services environment throughout the Commonwealth.

Office of Consumer Affairs and Business Regulation

The Office of Consumer Affairs and Business Regulation protects and empowers consumers through advocacy and education, and ensures a fair playing field for the Massachusetts businesses its agencies regulate.

Image credits: Cybersecurity and Infrastructure Security Agency: CISA.gov