Skip to main content

Cybersecurity Awareness Month - Multifactor Authentication

October 24, 2023

What is MFA?

Multifactor authentication (MFA) is a way of securing your online accounts and data by requiring more than just a username and password to sign in. MFA adds a second or more factors of verification, such as a code from an app, a text message, or a biometric scan, to confirm your identity.

MFA is important because usernames and passwords alone are not enough to protect your information from hackers and cybercriminals. Passwords can be easily guessed, stolen, or reused across multiple sites. If someone gets access to your password, they can impersonate you and access your sensitive data, such as your bank account, email, or social media.

As a best practice it is recommended to use app-based methods of verification before using a text or phone call for verification. If your phone is lost or stolen the SIM card is vulnerable to being swapped into a new device and then used to gain access to your accounts. With app-based authentication only the approved device would receive any verification prompts, which in the event of a lost or stolen device, could then be removed from the list of approved devices. 

How do I configure MFA?

At Penn Carey Law we make use of two Authenticators to secure your accounts, one for your LawKey (Microsoft Authenticator), and one for your PennKey (DUO Mobile).

For your LawKey you can download the Microsoft Authenticator app and then follow our instructions here: Setting up LawKey MFA (

Information for PennKey and setting up DUO mobile can be found here: Two-Step Verification: Getting Started | UPenn ISC

If your device is ever lost or stolen, please let us know and we can work with you to set a new authentication device.

Outside of the Law School

MFA is a simple and effective way to enhance your online security and reduce risk of identity theft and data breaches. MFA is not only for work or school accounts but should also be used for your personal accounts wherever possible. Social media, banking, and plenty of other online services have options to enable Multifactor Authentication.