Why One Lock Isn’t Enough: Stronger Defenses with Multifactor Authentication (MFA)

Imagine locking your house but leaving the key in the door. Any thief could walk straight in and take your valuables. Locking the door alone does not protect your home. A similar failure plagues law firms. Firm accounts like email and cloud file storage are attractive targets for cybercriminals because they hold confidential client and personal information. Like a key left in a locked door, a password on its own is easy to defeat: it can be guessed, phished, or pulled from a data breach of another site where the same password was reused. A password alone isn't enough to defend your data.

The solution is simple: don't rely on a single lock. For extra security, use multifactor authentication (MFA). MFA adds a second check of your identity, separate from your password, that you must pass before the account opens.

Adding MFA makes it much harder for a criminal who has obtained your password to get at your files. Because your clients' most sensitive information is at stake, this extra measure is crucial to prevent account takeover. Let's break down MFA and how to implement it in your practice.

Why use Multifactor Authentication (MFA)?

Many firms rely solely on passwords. Adding MFA strengthens your security because a stolen password by itself is no longer enough to open the account. MFA works by requiring two or more independent proofs of identity: something you know (a password), something you have (a phone, an authenticator app, or a hardware key that receives or generates a code), or something you are (a fingerprint or face scan). When MFA is in place, you first enter your password, then confirm the sign-in by entering a code sent to you or generated on your phone, approving a prompt in an app, or scanning your fingerprint or face. With fingerprint readers and face recognition built into most mobile devices, biometric confirmation is easier than ever to use.

This added layer of security should be required for any account that holds client and firm data. At a minimum, enable it for any cloud-based services, like email, password managers, or online file storage.


Which MFA tool should I get?

Your MFA options depend on what each account supports. Many accounts already offer codes sent by text message or email. These are common and easy to set up, but they are also the weakest options: an attacker can phish the code from you in real time, read it from a compromised mailbox, or take over your phone number with a SIM-swap attack, in which the attacker persuades or bribes your carrier to move your number to a SIM card or eSIM they control, so the text message goes to them instead of to you.

A step up from this method is push notification, where the account sends a login approval request to its app on your phone and you tap to approve. Because the request goes to the enrolled app rather than to your phone number or mailbox, it is not exposed to SIM swapping or email compromise. Approve only prompts for sign-ins you just started yourself; attackers holding a stolen password will sometimes send a stream of prompts hoping you tap approve to make them stop. Where the service offers number matching (typing a number shown on the login screen into the app), turn it on.

For stronger protection, use a dedicated authentication app. You link the app to your account once, usually by scanning a QR code, and it then generates a fresh short-lived code each time you log in. Because the code is computed on your device from a secret shared at set-up, nothing is transmitted by text or email, so SIM swapping and mailbox interception do not apply. A code can still be phished if you type it into a fake login page, so check the address bar before entering it. Not all accounts support authentication apps, so check with each provider to see whether you can enable this option.

Some organizations use higher-level tools such as hardware tokens, smart cards, or external security keys (for example FIDO2 keys plugged into a USB port or tapped against the phone). Security keys are the most robust option because the key verifies the website's address before it answers, so a look-alike phishing site cannot use it. They cost more, take more effort to enrol and manage, and a lost key needs a recovery plan. If you want this level of security, work with an IT professional to choose and roll out the right solution for your office.


How can I add MFA to my accounts?

Once you understand your options, the next step is to find out which methods your existing accounts support. Many email and cloud storage services already include at least one MFA method; you just need to turn it on in the account's security settings.

If you decide to use an authentication app, choose one from a reputable company. Popular options include Apple's Passwords app (its built-in verification codes feature), Microsoft Authenticator, Google Authenticator, and apps from security providers you already use, such as your password manager. There are many general-purpose authentication apps in the app stores and not all are trustworthy, so vet the developer before downloading and read verified user reviews and ratings before deciding.

In addition to a trusted provider, look for an app that can hold codes for multiple accounts, such as Outlook and Dropbox, so one authenticator covers everything. Other helpful features are set-up by scanning a QR code, and encrypted backups so you can move to a new phone without being locked out. Also save the one-time backup codes each account offers at enrolment and keep them somewhere safe away from the phone; without them, a lost or broken phone can lock you out of your own accounts.
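To show what "generated locally on your device" and "set-up via QR code" mean in practice, here is an added Python example (it is not code from the original article). The QR code an account shows at enrolment encodes an otpauth:// URI carrying a shared secret; the app stores that secret and, each time you log in, computes a time-based one-time password (TOTP, RFC 6238) from it and the current time. The sample URI below is constructed for a hypothetical firm and user, and its secret is the public RFC 6238 test key, which is why the expected codes are known. The verify function shows the server side, with a small window to tolerate clock drift.

```python
import base64
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of the URI a set-up QR code carries (hypothetical firm
# and user). The secret is the public RFC 6238 test key, not a real one.
SAMPLE_URI = (
    "otpauth://totp/Example%20Firm:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Firm"
    "&digits=6&period=30"
)


def parse_otpauth_uri(uri: str) -> dict:
    """Pull the enrolment parameters out of an otpauth://totp/ URI.

    This is what the authenticator app does when you scan the QR code;
    the shared secret never leaves the device afterwards.
    """
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("only otpauth://totp/ URIs are handled here")
    params = parse_qs(parsed.query)
    if "secret" not in params:
        raise ValueError("URI has no secret parameter")
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "issuer": params.get("issuer", [""])[0],
        "secret": params["secret"][0],
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
        "algorithm": params.get("algorithm", ["SHA1"])[0].lower(),
    }


def totp(secret_b32: str, at_time: float, digits: int = 6,
         period: int = 30, algorithm: str = "sha1") -> str:
    """Compute the RFC 6238 code for the given Unix time.

    The code is HMAC(secret, floor(time / period)) truncated to `digits`
    decimal digits, so app and server agree as long as their clocks do.
    """
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(at_time) // period
    digest = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, at_time: float,
                window: int = 1, **params) -> bool:
    """Server-side check: accept the current code and `window` steps either
    side to tolerate clock drift, using a constant-time comparison."""
    period = params.get("period", 30)
    for step in range(-window, window + 1):
        expected = totp(secret_b32, at_time + step * period, **params)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    enrol = parse_otpauth_uri(SAMPLE_URI)
    now = time.time()
    code = totp(enrol["secret"], now, enrol["digits"], enrol["period"],
                enrol["algorithm"])
    print(f"{enrol['issuer']} / {enrol['label']}: current code {code}")
    print("accepted:", verify_totp(enrol["secret"], code, now))
```

Nothing here touches the phone number or mailbox, which is the whole point: whoever holds the secret and an accurate clock can produce the code, and nobody else can. That is also why the secret must be protected (encrypted backups, a locked authenticator app) and why the code must only ever be typed into the genuine site.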

For extra control, you can require a fingerprint or face scan to open specific apps on your phone, including the authenticator itself. On recent iPhones, press and hold the app icon on the home screen and choose Require Face ID from the pop-up menu. On Android the option is usually under Settings, then Security, as an app lock feature, though its name and location vary by manufacturer. This protects your codes if someone gets hold of your unlocked phone. It does not turn the online login into three-factor authentication: the service still sees only your password and the code, and the biometric check is between you and your phone. It is still worth doing.


Using MFA adds a powerful layer of security that helps ensure only authorized users can reach your information. Being proactive with cybersecurity protects more than just data; it safeguards your clients and your practice. Don't just lock your digital office door. Add a deadbolt.