October marks National Cybersecurity Awareness Month, and the theme for this year, "Secure Our World," emphasizes the collective responsibility we all share in defending our digital lives. In continuing the second week of the campaign, the Texas Association of Public Employee Retirement Systems is focusing on the importance of multifactor authentication as a critical tool in strengthening the security of online accounts.

As cyber threats become more sophisticated, public employee retirement systems need to remain vigilant in protecting the financial data of their members and annuitants. That's why TEXPERS has become a National Cybersecurity Alliance Champion, joining an international effort to promote online safety during National Cybersecurity Awareness Month and safeguard sensitive information from cybercrime.

What is Multifactor Authentication (MFA) and How Does it Work?

Multifactor authentication, or MFA, is a security enhancement that requires two or more credentials to verify your identity when logging into an online account. The National Cybersecurity Alliance describes MFA as an additional layer of protection that significantly reduces the chances of a cybercriminal gaining access to your account, even if they have stolen your password.

The U.S. Cybersecurity and Infrastructure Security Agency hosts this YouTube video explaining how to make your accounts safer with multifactor authentication.

 When you turn on MFA for an account or device, your login process will include a bit more verification. Here's how it typically works:

1. Username and Password: You start by entering your standard username and password as usual.
2. Additional Verification: If these credentials are correct, you will be prompted to provide extra proof of your identity. For example, you might use your smartphone to approve a login attempt through a facial scan or receive a one-time code via email or text message that you must enter within a short timeframe. Some accounts also prompt you to approve access with a standalone authenticator app like Duo or Google Authenticator.

Different Forms of MFA

MFA can take several forms, depending on the security needs of the account and personal preference. According to the NCA, some of the most common methods include:

• An Extra PIN: In addition to your password, you could enter a secondary Personal Identification Number or PIN.
• Security Questions: An extra security question such as, "What town did you go to high school in?" or "What is your mother's maiden name?" can provide an added layer of verification.
• One-Time Use Code: A unique code sent to your email or phone number that must be entered within a short window of time.
• Biometric Identifiers: These include fingerprints, facial recognition, or retina scans.
• Standalone Authenticator Apps: Applications like Duo or Google Authenticator that require you to approve or deny login attempts.
• Secure Tokens: Physical devices like keyfobs that verify your identity with a database or system, making them a strong layer of protection against unauthorized access.

Each method provides a unique way to reinforce security, ensuring that even if a cybercriminal has access to your login credentials, they would still be blocked by an additional barrier.

Can MFA Be Hacked?

While multifactor authentication is one of the best ways to secure your accounts, it is not foolproof. The NCA explains that there have been instances where cybercriminals have managed to bypass multifactor authentication. This typically happens when a hacker sends multiple MFA approval requests, hoping to wear down the account owner into approving the login due to confusion or annoyance.

If you receive unexpected MFA requests and aren't trying to log in, do not approve the requests! Instead, contact the service or platform right away. Change your password for the account as soon as possible. If you've reused that password for other accounts, update those passwords, too—this is why using unique passwords for every account is essential.

Despite these rare cases of MFA circumvention, it's important not to let this deter you from using it. According to the NCA, multifactor authentication remains one of the most effective ways to bolster the security of your data and protect against unauthorized access.

Why Should Public Employee Retirement Systems Use MFA?

Public employee retirement systems handle a wealth of personal and financial data, making them prime targets for cyberattacks. Implementing MFA protects this sensitive information and builds trust with system members and retirees by demonstrating that robust measures are in place to defend their retirement security.

As trustees and administrators, it's vital to encourage MFA adoption for the systems you manage and your personal accounts. By taking this simple step, you can:

• Reduce the Risk of Data Breaches: With MFA, even if a hacker gains access to one layer of your login credentials, the second layer acts as a barrier to entry.
• Prevent Identity Theft and Fraud: Cybercriminals often use stolen credentials to impersonate users or commit financial fraud. MFA acts as a safeguard against these activities.
• Comply with Best Practices: Many industry standards and regulations now recommend or even require MFA for securing financial and personal data. Implementing MFA helps ensure compliance with these guidelines.

TEXPERS' Commitment to Cybersecurity Awareness

As an NCA Champion, TEXPERS is committed to empowering its members and annuitants with the knowledge they need to protect their digital information. Throughout Cybersecurity Awareness Month, we will share best practices, resources, and tips on enhancing your online security.

For a detailed guide on setting up MFA and additional online safety tips, visit the National Cybersecurity Alliance's MFA Resource Page.

By turning on MFA, you can better safeguard your online accounts and contribute to a more secure digital environment. Together, we can "Secure Our World" and help ensure the security and integrity of public employee retirement systems in Texas.

FOLLOW TEXPERS ON FACEBOOK, X (formally known as Twitter), THREADS, AND LINKEDIN FOR THE LATEST NEWS ABOUT TEXAS' PUBLIC PENSION INDUSTRY.