You might be ignoring your best tool to protect you against scams because it’s too annoying — even though it only takes a minute or two out of your day.
“Everybody hates multi-factor authentication,” cybersecurity expert and former government hacker Kyle Hanslovan tells CNBC Make It.
Hanslovan is the CEO and co-founder of Huntress, a small-business cybersecurity startup that launched in 2015, and now has more than 105,000 corporate clients. He previously worked in counterintelligence for the U.S. Air Force, and spent nearly a decade working under the National Security Agency as a cyber warfare operator with the Air National Guard.
Multi-factor authentication, which simply adds an extra step to the log-in process — like when your bank sends you a text or email before verifying your identity — is “the single biggest thing you can do” to deter hackers, Hanslovan says.
Microsoft has claimed that multi-factor authentication can prevent 99.9% of cyberattacks on personal accounts. Other cybersecurity experts put the number at closer to 50%.
“We have data, now that we have hundreds of thousands of identities and millions of endpoints under management, [and] it’s not a question, it’s a scientific answer of we know you’re going to be this much more secure,” he says. “But people hate it.”
Specifically, he adds: “They just hate the idea of, like, ‘When I log in, I’ve got to click another button, or I’ve got to insert this six-digit code.”
Phishing attacks have been on the rise in recent years, putting people’s personal and financial information at risk. In a 2021 survey, Duo Security found that only 78% of people used multi-factor authentication for at least some of their online accounts — way up from just 28% four years earlier, but still far from ubiquitous.
Fewer than half of U.S. small business-owners require employees and customers to use multi-factor authentication, according to the Cyber Readiness Institute. That’s a problem, says Hanslovan: Data shows an increased focus by hackers on small businesses, many of which are under-prepared by their own admission.
In other words, small companies may not have as much money to steal as big corporations — but if they don’t bother with security, they present a much easier target for hackers.
For people and businesses alike, taking the time to perform a few extra steps when logging into an account can make a huge difference, Hanslovan says.
“I’m telling you: That single thing, when you do that, all of a sudden you raise the bar to the level that the hacker will go somewhere else most often,” he says.
You’ll benefit the most from avoiding the text message or email-based authentication options, Hanslovan says. Instead, he suggests, use an authenticator app like Duo Mobile or Google Authenticator, which can generate a more secure code — or even use your fingerprint or facial recognition to help you log in.
“That simple difference of using the app to generate a code substantially reduces your risk,” Hanslovan says.
Hackers often cast a wide net, with estimated billions of phishing email attempts sent each day. They’re more likely to choose the path of least resistance whenever they come across an obstacle, like an extra step for authentication, Hanslovan says.
“You know the phrase, ‘You don’t have to outrun a bear, you’ve got to be faster than the slowest person?'” he adds. “If you [use multi-factor authentication] and choose that app, you’re almost ahead of most of the pack and attackers will move to somebody who’s the slowest one.”
DON’T MISS: Want to be smarter and more successful with your money, work & life?
Get CNBC’s free Warren Buffett Guide to Investing, which distills the billionaire’s No. 1 best piece of advice for regular investors, do’s and don’ts, and three key investing principles into a clear and simple guidebook.
This content was originally published here.