Accucom Blog
Locked Out of Your MFA? You May Still Have Some Options…
Uh oh. You were trying to be more secure and decided to set up multi-factor authentication. However, you’ve just discovered how important the other factors are when it comes to authenticating your identity. Yes, you’ve found yourself unable to access your means of authenticating yourself.
So…what do you do now?
First things first: don’t panic just yet. Let’s take a look at some options you may have.
What is Multi-Factor Authentication, and How Can You Get Locked Out of It?
Multi-factor authentication, or MFA for short, is how the inherent weakness of passwords is increasingly being addressed in both the workplace and in personal life.
Think of it this way: by providing your username to whatever service you are trying to access, you are identifying yourself. Traditionally, you would also provide a password or PIN to confirm that you are, in fact, who you say you are…authenticating the identity you just provided.
For an assortment of reasons, this has been shown to be insufficient for security needs, particularly in the professional setting. This has led to the adoption of MFA, which generally supports three means of authenticating oneself:
- Providing something you know. This is the traditional approach, as it is usually in the form of a password, passphrase, or PIN.
- Providing something you have. This approach requires you to display something in your possession in order to verify who you are. This could be an identification card, a generated or messaged code from a mobile application, or a dedicated hardware-based security key.
- Providing something you are. Finally, this approach relies on biometrics, with you providing a scan of your fingerprint or retina that is compared to an existing record to confirm you are who you claim to be.
By requiring more than just one form of authentication, it becomes much more difficult for an attacker to get into an account.
However, it also means that the owner of the account could find themselves locked out under the right (read: wrong) circumstances.
How You Might Be Able to Still Access Your Account…
Short of starting over (which, to be fully honest, may be your only option) there are two paths that might allow you to regain access to your accounts:
Check other places you may still be logged in.
Most of the services and applications that support MFA are available both as a website and as an app. While it’s more likely that the mobile app will still have you logged in, checking both might enable you to access the settings and either turn off MFA temporarily or switch to a different form of it that you still have access to. Making this change will almost assuredly require you to provide your password. Just make sure you don’t accidentally log out of the service until you’ve successfully taken back control.
Reach out to customer support.
If you find that you don’t have any other active instance of the app or website in question, you can always try reaching out to the website or application provider by telephone and have their customer support team help you. Some companies now provide a fairly straightforward process for confirming that you are who you say you are and will let you in somewhat quickly, while others can take up to a few days.
Outside of these options, you may have no choice but to start again from scratch with a new account. However, if this is the case, you’ll still want to reach out and have your original account deleted so it can’t be taken over later on.
…And How to Preemptively Ensure You Can
Fortunately, many modern MFA tools offer contingency options for when you can’t reach your usual security codes. One relatively easy approach is to enable more than one way to authenticate to your account. Many apps now allow you to either enter a generated code or provide biometric proof. Enabling both allows you to authenticate with your biometric proof of identity if you cannot access your codes.
Speaking of codes, many MFA platforms also offer a feature called recovery keys or backup codes. Think of it as a secret code that you can use to communicate with the MFA platform, proving to it that you are in fact the authorized user—you just can’t access any of the traditional options for some reason. Naturally, once these codes are generated, you’ll want to secure them someplace very safe, protected by encryption.
If you opt to go for a security key, you might want to consider getting a second key to use as a backup. Various services understand that people do this and enable multiple keys to be tied to an account for this reason. If you ever decide to upgrade your key, the old one can easily become your backup—just make sure you keep it someplace safe and secure!
We’re Here to Ensure Your IT Works (However You Prove You’re You)
As a managed service provider, our job is to ensure that the technology your business relies on remains reliable—which means keeping it supported and secure. Reach out to us to find out the many, many ways we can do so for you. Call (02) 8825-5555 today.