Button has appeared on your dashboard recently! This feature is called multifactor authentication and enabling it ensures that only you can access your account. When you sign into a website, like Devozki, you use a username and password. This is what is known as single factor authentication because it is only one thing. Usernames are usually something easily identified, such as your email address, so if you don't use on all your accounts, someone learning your password can gain access to many of your other accounts. By adding another piece of information to this process, we create multifactor authentication (usually written as MFA or 2FA). This additional information is most commonly (such as a code on your phone, a physical token like a, your fingerprint, or a scan of your face). Now to break into your account an attacker needs to know have access to, making it much harder for them to succeed in accessing your accounts. In research conducted by Microsoft, they found that. Why isn't my password enough We humans don't tend to be great at picking passwords that are hard for computers to guess, and even when we do pick good ones, we tend to reuse them on multiple sites. Here are a couple of ways computers and attackers can leverage that to get into your accounts. The short version is Most people use password that even another human can easily guess Some people user passwords that are hard for another human to guess but very easy for a computer (who can make literally thousands of guesses a second!) Some people use a password that is hard for both other humans and computers to guess, but reuse that same password on multiple sites. For example if the computer works out that you password is for an account login of that will try that username nad password combination on at many other popular sites as they can to break into your accounts elsewhere. Some people use strong unique password (every account has a different password) but are still able to be fooled by a or other targeted attack that attempts to get you to log in with your unique details on a page the attacker controls. The only thing that effectively mitigates all of these cases is by adding an additional login item that a password. To learn more, check out is a great resource for seeing if your email address has been leaked via a breach, and is a great tool for seeing if a password you use has appeared in one of the know lists attackers use to attempt to take over accounts. How does MFA make my account safer When you enable MFA on your account, you are telling us to only accept a login to your account where the login provides the (your username and password) and the (your short lived login code, Yubikey, etc.). Now to take over your account the attacked needs to also get hold of the device that you use to authenticate your login, whether that is a hardware device (like a Yubikey) or a software device (like a code generator app on your phone). This makes it far harder for them to succeed. Enabling MFA is one of the single best things you can do on any of your online accounts to improve your security. What about physical authenticators Physical authenticators are devices that you use to prove you are the owner of an account when you log in. These devices offer a great deal of security because they are extremely difficult for an attacker to try and impersonate. For some people, using only a physical authenticator is the right option for them, such as a Yubikey that is kept on a keychain. This makes it easy to know exactly where that device is at all times and means that no one can access their Tryst account without also having that physical token available. For others, adding a physical authenticator may just be a convenient secondary option to enabling, such as adding Face ID on their iPhone. They then use Face ID to authenticate a login on their phone, but use the short lived code when logging in elsewhere, such as their laptop. Should I use a physical authenticator While physical authenticators are great devices to add security to your login, there are some things you should consider before deciding to use one with your Tryst account. Tryst allows you to add multiple authenticators to your account, including combining both physical authenticators and time based code generators so you can set up the right environment for you. Whether or not to use a physical authenticator on your Tryst account is a personal decision based on what you’re feel most comfortable with, and what level of protection you feel you need. There are many pros and cons to using one, which we outline on our support centre. How do I get started You can enable MFA on your Tryst account right now! Head to Manage Account Security on your dashboard after logging in and follow the steps. Check out the articles below for step-by-step instructions and to learn more about physical authenticators.