It doesn’t matter what the application is be it your email (or other Office 365 system), or Paypal, or Twitter, or Facebook, or your bank turn on Multi-Factor Authentication (MFA).
What is MFA?
MFA is a process to protect your account by securing your account with an extra layer of protection. Accounts have a username and a password on them. This is called single-factor authentication and it is based on something that you know, which would be your password.
MFA adds an additional step into this process by requiring that in order to log in, you need to have something usually your cell phone. This doesn’t just mean that you can get SMS messages sent to your phone and that’s good enough. It isn’t. There are ways to intercept SMS messages that are sent to a phone from cleaning the phone to contacting the provider and reporting that the phone is stolen so that a new SIM card is activated.
Proper MFA, is done through an app like Microsoft authenticator, or Duo Mobile, or FortiToken Mobile.
When a third-party application isn’t supported, a safer option than sending text messages to your cell phone would be to send the codes to your email account. But doing this requires securing the email account with MFA using an application like the ones listed above. If the email account to which the MFA code is sent isn’t secure, then taking over those accounts is simply a matter of taking over the email account.
Why Use MFA?
The answer to this is rather simple, to protect your accounts so that only you can log into them.
Why would someone want to steal my accounts?
Just because you think that someone wouldn’t bother to break into your account, don’t assume that is the case. Plenty of people’s Facebook accounts are taken over so that they can spread their taking over of accounts to every person that you are friends with.
Bank accounts are pretty straightforward as to why people would want to take them over, to transfer out whatever money is in the account. While most people’s accounts have very little money in them, every once and a while the attacker gets lucky and comes across someone’s bank account with a large amount of money in it which they can wire transfer out to another account, at which point the money is gone.
MFA helps you to protect yourself. When it comes to your data, your information protecting the accounts which hold that information is critical. And that means protecting yourself so that other people can’t access your accounts.