Why multi factor authentication (MFA) is essential for every account

Dave North | Last updated on July 9, 2025 | 3 minute read

Multi factor authentication (MFA) fills in where even the strongest password falls short. 

Between phishing attacks, credential stuffing, and data breaches, attackers have more ways than ever to get their hands on your team’s login details. Fortunately, there’s one simple step that can drastically reduce the risk: Multi-Factor Authentication.

Whether it’s securing a personal email account or sensitive business data, enabling MFA and defining clear MFA policies is one of the simplest and best things you can do to protect yourself, your team, and your organization.

CISA strongly recommends MFA. Indeed, it’s the first point in the Secure by Design Pledge.

If you use Rewind and you haven’t already done so, you should enable MFA for Rewind. It’ll only take a minute. We’ll wait.

What is MFA?

Multi factor authentication (MFA) is a security mechanism that requires users to present two or more verification factors to access an account. Rather than relying solely on “something you know,” like a password, MFA adds another layer such as:

  • Something you have – e.g., a mobile device with an authenticator app or a physical security key
  • Something you are – e.g., biometrics like fingerprints or facial recognition

The basic idea is simple: even if a malicious actor gets access to a password, they can’t access the account without the second factor.
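Here is that idea in code, for the authenticator-app case (TOTP, RFC 6238). This is an added example, not Rewind's implementation: the `Login` class, the password, and the salt are hypothetical, and the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

# Constructed demo account; the secret is the RFC 6238 test key, not a real one.
TOTP_SECRET = b"12345678901234567890"
PASSWORD_SALT = b"constructed-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP over the number of elapsed time steps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Login:
    """Hypothetical login check: the password AND a fresh TOTP code are required."""

    def __init__(self):
        self.last_used_step = -1  # blocks replay of an already accepted code

    def verify(self, password: str, code: str, now: int, window: int = 1) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
        if not hmac.compare_digest(candidate, PASSWORD_HASH):
            return False  # first factor failed
        current = now // 30
        # Accept the current step plus/minus `window` steps to tolerate clock drift.
        for step in range(max(0, current - window), current + window + 1):
            if step <= self.last_used_step:
                continue  # this code (or a newer one) was already used
            expected = totp(TOTP_SECRET, step * 30).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used_step = step
                return True
        return False  # correct password, but no valid second factor
```

A correct password with a wrong, expired, or replayed code is rejected, which is the case a stolen password falls into.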

Multi factor authentication works – the stats

MFA adds an extra step to the login process. Is it worth this little bit of friction?

Yes.

MFA works. It’s not perfect (what is?), but its efficacy is supported by extensive data and real-world testing from some of the most trusted names in cybersecurity.

Microsoft: Block over 99% of account compromises

According to Microsoft:

MFA can block over 99% of account compromise attacks — even if your password is stolen.

That statement is backed by analysis of millions of login attempts, underscoring how adding even a basic second factor can dramatically reduce risk.

Google: Security keys are near-impenetrable

In a 2019 research collaboration with NYU and UCSD, Google found that using MFA based on physical security keys (for example YubiKey or Titan Security Key):

  • Blocked 100% of automated bot attacks
  • Blocked 99% of bulk phishing attacks
  • Blocked 90% of targeted attacks

Verizon DBIR: Credentials are the weak link

The 2025 Verizon Data Breach Investigations Report reveals that:

  • 60% of breaches involve the human element, including social engineering, phishing, and errors. That is down 8% from 2024, and still a heady number.
  • Credential abuse remains the most common attack vector for initial access.

In other words, if your teams rely on a password, your security armor has a clear chink. MFA is not a silver bullet, but it does dramatically increase the effort required for attackers to succeed.

16 Billion+ leaked credentials

The scope of the problem is staggering. CyberNews reports that over 16 billion credentials have been exposed through data leaks and malware campaigns. This is a massive trove that attackers use in automated attacks every day.

MFA acts as a critical failsafe and can prevent stolen credentials from being used successfully.

Enable multi factor authentication in Rewind right now

Rewind takes security seriously (and we have the ISO/IEC 27001:2022 and other certifications to prove it). We offer MFA and other important security options to protect your account, including:

  • Time-based One-Time Passwords (TOTP) using apps like Google Authenticator or Authy
  • FIDO2/WebAuthn security keys, such as YubiKey or other hardware tokens

These tools add a strong second layer of protection and are easy to set up within your Rewind account settings.

If you or your team haven’t already done so, enable MFA for Rewind immediately. If you need a reason to make this a priority, consider what would happen if your account were compromised and you lost access to backups of your critical data.

Make MFA a must-have

Consider multi factor authentication a non-negotiable across your entire team. Whether in Rewind or any other app or service, if MFA is available, it should be enabled. If a service doesn’t support MFA, that’s a red flag.

Don’t wait until your credentials are compromised to act.

Turn on MFA now

  • For Rewind
  • For your email
  • For your cloud services
  • For anything that matters

If you aren’t already protecting your Rewind account with MFA, follow our step-by-step guide on how to turn on multi factor authentication for Rewind.


Dave North
Dave North has been a versatile member of the Ottawa technology sector for more than 25 years. Dave is currently working at Rewind, leading the technical operations group. Prior to Rewind, Dave was a long time member of Signiant, holding many roles in the organization including sales engineer, pro services, technical support manager, product owner, and devops director. A proven leader and innovator, Dave holds 5 US patents and helped drive Signiant's move to a cloud SaaS business model with the award-winning Media Shuttle project. Prior to Signiant, Dave held several roles at Nortel, Bay Networks, and ISOTRO Network Management working on the NetID product suite. Dave is fanatical about cloud computing, automation, gadgets and Formula 1 racing.