How to set up Multi-Factor Authentication and why you need it

One of the best ways to protect yourself online is also one of the simplest: setting up Multi-Factor Authentication (MFA) for your accounts.  

What is MFA? 

Multi-Factor Authentication, or MFA, is a security step allowing users to verify their identity before accessing sensitive information.  

Some examples of MFA include: 

• ‘Biometric’ security, such as using your fingerprint, Face ID, or voice recognition. 

• Authenticator codes, which can be obtained from a third-party code generator app or physical token. 

• Two-factor PIN codes sent via email. 

It’s much harder for bad actors to gain access to an account with MFA  than it is to learn your password. This makes MFA a powerful security tool, and has been widely adopted by most online platforms and services (including Aussie). 

You might’ve heard of Two-Factor Authentication, or 2FA, which is technically a form of MFA. However, they are different – 2FA only uses 2 authentication steps, while MFA uses 2 steps at a minimum.  

Where should I use MFA? 

Wherever you possibly can. 

If MFA isn’t available for an account, it’s best to make sure it has its own strong passphrase that isn’t used anywhere else. This way, if the worst happens and your password is compromised, it cannot be used to access any of your other online accounts.  

You can learn to create a strong passphrase by clicking here.  

Setting up MFA on your Facebook Account 

On a computer 

1. First, head to your Two-factor authentication settings by clicking here. If the link didn’t work, you can follow these steps to navigate to these settings: 

2. Click your profile picture in the top-right corner of the Facebook home page, then click Settings & privacy, then Settings from the menu that shows after. 

3. On the next page, click on Accounts Centre on the left menu, then click Two-factor authentication. 

4. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing the Authentication app. 

5. After clicking Authentication app, a QR image will be shown, as well as a code for manually setting up your MFA. Don’t share these with anyone! Using an authenticator app on your phone, such as Microsoft Authenticator, scan the QR code. 

6. Once you’ve scanned the QR code and added it to your app, click Continue on your computer. The next page will ask you to confirm a 6-digit code generated by your app. 

7. Once you’ve successfully confirmed the newly generated code your Two-factor authentication is all set up! 

When you next log in to Facebook on a new device, you’ll be asked to enter one of these codes before you can access your account. 

We recommend further improving your account security by exploring the other Multi-Factor Authentication options and set up another method on top of the one you’ve just made. 

In the Facebook app 

1. First, head to your Two-factor authentication settings.  

2. Tap your profile picture (this may instead show as three horizontal lines ☰) in the bottom-right corner of the Facebook app, then tap Settings and Privacy, then tap Settings. 

3. Tap on Accounts Centre. 

4. Tap Password and security, then Two-factor authentication. 

5. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing the Authentication app. 

6. After tapping this option, a QR image will be shown, as well as a code for manually setting up your MFA. Do not share these with anyone! Using an authenticator app on your phone, such as Microsoft Authenticator, scan this QR code. 

7. If your authenticator is on the same device, tap the long string of letters and numbers under the QR image to copy it on your phone, then paste it into your chosen code-generating app.  

8. Go back to the Facebook app and tap Continue once you’ve added the code to your authenticator app. The next page will ask you to enter a 6-digit code generated by your app. 

9. Once you’ve successfully confirmed a newly generated code from the app, your two-factor authentication is all set up! 

When you next log in to Facebook on a new device, you’ll be asked to enter one of these codes before you can access your account. 

We recommend further improving your account security by exploring the other Multi-Factor Authentication options and set up another method on top of the one you’ve just made. 

Setting up MFA on your Instagram Account 

1. First, head to your MFA settings in Instagram.  

2. Tap your profile picture in the bottom-right corner, then tap the three horizontal lines ☰ in the top-right corner, then tap Accounts Centre. 

3. On the next page, tap Password and Security, then tap Two-factor authentication on the following page. If you haven’t got this set up already, you’ll need to tap Get Started to begin setup. 

4. This page will have a few options for you to set up MFA. You can set up more than one to further boost your account security. For this demonstration, we’ll be choosing an authentication app. 

5. On this page, Instagram may recommend their choice of authenticator app or suggest using a built-in feature depending on your phone’s model. If you already have a code generator app, we recommend tapping Set Up Another Way, so you can keep your codes all in one app. 

6. A long string of random letters and numbers should show on the next page. Tap Copy key, then navigate to your authenticator app to import the code. 

7. Once Instagram has been set up in your code generator app, come back to the Instagram app and tap Next. You will be asked to enter a code from your authenticator – switch back to that app to copy or memorise the code to enter in the Instagram app. 

8. Tap Next after pasting or entering this 6-digit code. If you’ve followed these steps correctly, you should be shown a page that confirms your Two-factor authentication has been set up successfully! 

When you next log in to Instagram on a new device, you’ll be asked to enter one of these codes before you can access your account. 

We recommend further improving your account security by exploring the other Multi-Factor Authentication options and set up another method on top of the one you’ve just made. 

Setting up MFA on your Microsoft/Outlook Account 

1. Go to account.microsoft.com in a web browser, log in to your Microsoft account. 

2. On this page, navigate to the Security heading and then click or tap Security dashboard. You can jump here by clicking this link. 

3. Click or tap Get started under Advanced security options. 

4. Under Two-step verification, choose Set up two-step verification to set up this feature. 

5. On this page, read the instructions before selecting Next. The next step will let you choose from a few different options – for this guide we are selecting an app from the drop-down options. 

6. After this step, select I want to use a different authenticator app if you’re using a different app to Microsoft Authenticator and follow the next steps. 

7. An image of a QR code will display. If your authenticator app is on the same device, click or tap Can’t scan image? to reveal a Secret key. Scan the QR or copy and paste the Secret key into your authenticator app. 

8. Once your Microsoft Account has been added to your authenticator app, go back to the Microsoft website, and click Next. You will be asked to enter a 6-digit code from your authenticator app to verify it’s been set up correctly. 

9. Once you’ve confirmed the code on the Microsoft website in your browser, you’re all set up with their Two-step verification! 

When you next log in to Outlook, Word, or any other Microsoft website or app on a new device, you’ll be asked to enter one of these codes before you can access your account. 

Setting up MFA on your Google/Gmail Account 

1. Go to google.com in a web browser and click Sign in on the top-right corner of the page. 

2. Once you’re signed in, click your profile icon on the top-right corner of the page, then click Manage your Google Account. On the following page, click Security. You can jump there by clicking this link.  

   Note: If you’re on a computer, this should be on the left side of the page. If you’re on a mobile or tablet, this tab shows at the top of the page above your profile icon. 

3. Under the heading that says Signing in to Google, click or tap 2-Step Verification, then Get Started on the following page. 

4. On this page, read all the options available to you by selecting Show more options. For this guide, we are choosing to receive a code via text message. 

5. Enter your phone number on this page and tap or click Next. You should receive a SMS from Google stating “G-…… is your Google verification code.” Do not share this code with anyone! 

6. Go back to your web browser and enter this code on the page you started setup on. Click Next once it’s been entered. 

7. If you’ve entered the correct code, the next page should say “It worked! Turn on 2-Step Verification?”. Click or tap Turn on to finish setting up your Google MFA.  

When you next log in to Gmail, Google Drive, or any other Google website or app on a new device, you’ll be asked to enter one of these codes before you can access your account. 

You can learn more about protecting yourself online or report a cybercrime by clicking here.