My answers to the most frequent arguments against MFA on social media and email accounts

There is a good reason every single security expert in the world insists on enabling Multi-Factor Authentication (MFA) wherever you can.

It is security feature #1 that you can easily integrate in your daily life, and I will try to break down exactly why it is so important in simple words.

While Microsoft might have exaggerated when they said that MFA stops 99.9% of all attacks, we’ve seen an enormous rise in social media account takeovers in the last few years.

Hackers like easy targets, don’t be one.

It doesn’t matter whether it is Instagram, Twitter/X, Facebook, or LinkedIn, hackers will compromise your account way easier if you don’t have MFA enabled.

To make things simple, I’ll address the 10 most common excuses I have heard in public or from family and friends on why they have decided not to implement MFA on their private accounts.

This is why they are wrong.

Why your excuses don’t work

1. It’s too complicated to implement

While MFA might have seemed technical in the past, setting it up now is surprisingly user-friendly. The larger social media platforms offer various MFA options, like SMS, email, and app-based authentication.

Any of these choices are good, but remember that your email account is where you should put the most effort into security. This is because a hacker can probably gain access to a lot of your other accounts if they have control over your email.

Apps like Google Authenticator and Instagram have simplified the process to just a few taps. It’s a matter of minutes for long-term protection. I can assure you that regaining a compromised account will be much more troublesome.

2. I don’t have anything worth stealing

This just isn’t true. Even if you are correct in that you have absolutely nothing to steal on your account, a loss of an account will steal your time.

In addition to this, even if you’re not a celebrity or a business, hackers can exploit your personal information for identity theft, spam, or phishing.

Your account can be used to scam your contacts or spread malicious content. It’s not just about what’s in your account but how it can be misused.

One very popular methodology that is used today, is that compromised accounts on Facebook and Instagram are used to spam-advertise for various products.

While this is embarrassing in itself, it will also probably lead to the account being permanently banned from the platform, making it even harder to get back.

3. I don’t want to share my phone number

Then don’t! Many MFA options don’t require your phone number. You can use authentication apps like Google Authenticator, which don’t require your phone number.

Many apps now have various interesting ways to conveniently implement MFA for you. For example, WhatsApp can now be used to receive MFA codes on Instagram.

4. It slows down my login process

First of all: You almost never actually log into your social media or email accounts. Your phone and laptop are probably marked as trusted devices, and only when you hop on a new device will you be prompted for MFA.

And when you get prompted for MFA, it still takes just a few seconds to complete. Some forms of MFA are now only 1 click on your phone “yes, it’s me”, and this is a small price for added security.

A few extra seconds now could save you hours (or days) recovering a hacked account.

5. I can just use a strong password

The strength of your password is irrelevant in most of the attacks that compromise accounts of regular people.

The reason for this, is that the attackers have already retrieved your password from some other data breach. You can test this yourself by checking which password breaches your email is included in with services like HaveIBeenPwned.

And even if your password has not been leaked in a breach, your strong passwords will still be compromised in the case of a phishing attack.

MFA ensures that even if your password is stolen, hackers can’t access your account without the second layer of authentication.

It will even give you a warning that someone has your password, as you will get MFA prompts that you did not initialize.

6. It’s too inconvenient if I lose my phone

Don’t worry, all the well-known services provide some sort of backup code that will help you if you were to lose your phone.

If storing the backup codes sounds like too much of a hassle to you (it’s not), then other recovery options like email verification are still available to you. If you go that route, just remember to properly secure your email account.

7. I trust the security of my account provider

LinkedIn, Yahoo, Equifax, Marriott, Facebook. They have all been hacked at one point. No platform is immune to cyberattacks, and even the most secure companies face data breaches.

MFA offers a layer of protection that is not dependent on something your account provider has already stored. This other layer of protection strengthens your security measures, keeping your account safer from being compromised.

8. I don’t want to depend on an app

You don’t have to! Instagram, Twitter, Facebook, and Tik Tok all offer several MFA options, including SMS, email, and apps.

You can choose what works best for you and even switch out your MFA method later if it doesn’t work as well as you expected.

9. I’m afraid I’ll get locked out of my account

With the availability of backup codes and recovery methods, the chances of this happening and you getting locked out are minimal.

Services also provide ways to recover access if your primary device is lost, and you can store backup codes securely in a password manager for emergencies.

10. Attackers can circumvent it anyway

While no system is perfect, MFA is one of the most effective tools available.

And yes, I do have some tricks up my sleeve to compromise accounts that have MFA enabled, and so do the hackers. But those techniques take effort and time, and require more expert knowledge to leverage.

Your account will most likely be compromised in an automated attack that targets thousands of accounts at the same time. The hacker will never even know he compromised you. The chances of someone spending that much effort on a regular user’s account are slim.

Hackers are more likely to move on to easier targets when MFA is in place.

Don’t Wait Until It’s Too Late

In today’s world, MFA is no longer optional, it’s essential.

With social media accounts getting compromised at higher and higher rates, and regular people becoming prime targets for hackers, securing your social media and email accounts with MFA is one of the easiest and most effective ways to protect your online presence.

In 2024 implementing MFA is easy. Some implementations even save your time, as you don’t have to input your password. There’s really no excuse not to use it. So, lock up your account today before you become a part of some hacking statistic.

Hackers like easy targets, don’t be one.