What is MFA?

Multi-factor authentication (MFA) is an added layer of security designed to confirm your identity when logging into an online service or account. This helps protect your accounts from being compromised by cyber criminals. MFA requires that you enter additional information to gain access to your account. It’s also referred to as ‘two-factor authentication’ or ‘2FA’.

Why MFA is important

Using MFA makes it harder for cyber criminals to break into your account than if you only use a password. With MFA turned on, even if a criminal has your password, they will still need to enter additional information that only you can provide.

Online accounts such as banking, social media and email can contain a lot of valuable information about you. Information that could be accessed includes:

  • Personally identifiable information
  • Banking details
  • Employment details
  • Information from government agencies such as Medicare or myGov
  • Personal photos and messages.

If a cyber criminal gained access to any of your accounts, they could:

  • Sell your data on the black market. This could include credit card numbers, names, addresses, emails, date of birth and so on.
  • Gain access to social media accounts by resetting your password.
  • Send phishing emails to your contact list. These could trick your friends and family into giving out personal information or installing malware on their devices.
  • Send fraudulent email requests for payment. Learn how to avoid email scams.

Different types of authentication

One-factor authentication

One-factor authentication is something that only you know, like your password or PIN. Systems that use one-factor authentication only require a username (such as an email address) and a password to access them.

Two-factor authentication

Two-factor authentication is something you know (password), plus something you have. Systems that use two-factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) to access them.

Three-factor authentication

Three-factor authentication is something you know, plus something you have, plus something you are (a biometric input, such as a fingerprint scan to unlock your phone). Systems that use three-factor authentication require a username and a password, a one-time password or code, and some other unique biometric that identifies you.

How to set up MFA on your accounts

Below are some of the common ways to set up MFA on your accounts. 

Set up MFA on Office 365

You can set up MFA on your Office 365 account in the Admin centre. This will generate a phone call, text message or an in-app notification to verify your identity. Find out how to set it up in Microsoft’s step-by-step guide.

Set up MFA on Apple devices

You can enable MFA on your iOS and macOS devices. For more information and instructions, visit Apple’s guide on MFA.

Set up MFA for other accounts

To help you set up MFA for other accounts such as social media or Gmail, the Australian Cyber Security Centre has a list of helpful guides to assist you in improving your online protection.

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, offers a complaints service for young Australians who experience serious cyberbullying, and addresses illegal online content.

Learn more about the Office of the eSafety Commissioner

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections with regard to identity security, freedom of information and cyber security. The Department has developed a range of resources to help people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department
