Mar 02, 2026 Security Tidbits: Not All MFA Is Created Alike

Multi-Factor Authentication (MFA) enhances account security by requiring more than a simple username and password.

Forms of MFA include:

• Something You Know: like a password
• Something You Have: like a text on your phone
• Something You Are: like a fingerprint

Even if an attacker obtains your account password, MFA significantly reduces the likelihood of them breaking in.

Any form of MFA is better than no MFA, but did you know that some options are more secure?

• Text messages, the most common form of MFA, are suspectible to smishing, message interception, and SIM-swapping attacks.
• App-based MFA involves the use of a dedicated MFA application and provides stronger protection compared to a text message but is still susceptible to phishing.
• FIDO2/WebAuthn leverages public key cryptography to resist phishing attacks and is the most secure form of MFA that is widely available.

Whenever possible, use the strongest MFA method offered. CSUCI's MFA solution, Duo, offers a mobile app and supports FIDO2 hardware keys. Using the Duo app or a hardware key is recommended.

For more information, contact CSUCI's Information Security Team at [email protected] or visit the ITS Information Security website.

Source: https://www.cisa.gov/MFA