Article tags

Estimated reading time is 5 minutes.

Email is a fundamental part of everyday life, so protecting your email account from being compromised by a cybercriminal must be a priority.

What is MFA?

MFA is an added layer of security designed to confirm your identity when logging into an online service. MFA requires that you enter additional information to gain access to your account.

Using MFA makes it harder for cyber criminals to break into your account, than if you were only using a password. For instance, should your password be compromised, the criminal would need to additional information which only you’d be able to provide.

Different types of authentication

One-factor authentication

One-factor authentication is something that only you know, like your password or PIN. Systems that use one-factor authentication only require a username (such as an email address) and a password to access them.

Two-factor Authentication

Two-factor authentication is something you know (password), plus something you have. Systems that use two-factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) to access them.

Three-factor Authentication

Three-factor authentication is something you know, plus something you have, plus something you are – (a biometric input, such as a fingerprint scan to unlock your phone). Systems that use three-factor authentication require a username and a password, a one-time password or code, and some other unique biometric that identifies you.

Why MFA is important

Your email account contains lots of information about you. This includes:

  • Personal identifiable information.
  • Banking details including applications, accounts, cards and loans.
  • Payslips and employment documents.
  • Property, rates, water, phone other utilities.
  • Tax and Investment information.
  • Details of government departments (for example Medicare, ATO, Centrelink).
  • School and University details.
  • Holiday plans and documents.
  • Information around children, day-care and babysitters.
  • Personal photos and messages.

If a cybercriminal gained access to your email account they could:

  • Sell your data on the black market. This could include credit card numbers, names, addresses, emails, date of birth and so on.
  • Gain access to social media accounts by resetting your password.
  • Send your contact list phishing emails. These could trick your friends and family to give out personal information or install malware onto their devices.
  • Send fraudulent requests for payment (read more about email scams).

How can I set MFA up?

There are lots of different ways to set up MFA on your account. Learn how to set up MFA for Office 365 and Apple, and see if your email service or most used apps offer the functionality.

Office 365

You’re able to set up MFA on your Office 365 in the admin centre. By doing this you’ll generate a phone call, text message or an in-app notification to verify your identity. Find out how to set one up on Microsoft’s step-by-step guide.


You can enable MFA on your iOS and macOS devices. For a full run through on how to do this, head over to Apple Support and choose your device.

Other websites and apps

Two Factor Auth (2FA) is a free website that enables you to search for sites to see if they offer MFA. Take a look and see if your email service and applications offer extra security.

Helpful resources

Australian Government | Stay Smart Online

Stay Smart Online provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats. These include software vulnerabilities, online scams, malicious activities, and risky online behaviours.

Australian Government | Australian Cyber Security Centre

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location. It's the hub for private and public sector collaboration and information-sharing to combat cyber security threats.

An Australian Government initiative | Australian Cybercrime Online Reporting Network (ACORN)

ACORN is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ACORN website provides a cybercrime reporting mechanism as well as helpful information about cyber crime.

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.


IDCare is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCare can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCare is a free service for all Australians.

Handy tips for secure online shopping and banking

Stay in control of who accesses your information when browsing online with these simple tips.

How to keep your identity safe online

Your identity is your most valuable asset. Protect it. Your freedom depends on it.

Help your friends and family date safely online

Online romance scams are on the rise, know the signs.