Multifactor Authentication: What is it and why it’s essential for your nonprofit’s website


What is Multifactor authentication (MFA)?

Multifactor authentication (MFA) is a security feature that requires users to provide two or more forms of authentication before they are granted access to an account or system. It is well worth enabling on your WordPress login because it adds an extra layer of protection against unauthorized access, which matters most for websites that store sensitive donor or service participant information.

Even if this is the first time you’ve heard of MFA, chances are you’ve already used it! Most banks, for instance, require MFA on your online account, either by asking you to answer security questions to verify your identity or by texting you a one-time passcode that you must enter to access your account.

There are several types of authentication factors that can be used for MFA, including:

  • Something you know: This includes passwords, PINs, and security questions.

  • Something you have: This includes tokens, smart cards, and mobile devices.

  • Something you are: This includes biometric authentication such as fingerprint or facial recognition.

By requiring users to provide two or more of these authentication factors, MFA makes it much harder for attackers to gain access to your website. Even if an attacker manages to steal or guess a user's password, they will still need to provide the additional factor(s) before they can log in.

What are the risks if I don’t set up MFA on my nonprofit’s WordPress website?

  • Data breaches: Nonprofit organizations may store sensitive information such as donor information, financial data, or the personal data of employees and volunteers on their website. A data breach could lead to this information being exposed, resulting in significant reputational and financial damage.

  • Weaponizing your website: Without MFA, it’s much easier for hackers to take over your website and use it to infect visiting devices with malicious code, an attack known as a “drive-by download”. Not only is your website compromised in this scenario, but potentially so are the computers and smartphones of your donors, service participants, and community members who visit it. Yikes!

  • Compliance with regulations: Many regulatory bodies require multifactor authentication for websites that store sensitive information. By using MFA, nonprofit organizations can ensure compliance with these regulations.

  • Qualification for Cyber Liability Insurance: Most Cyber Liability providers require MFA in order for your organization to qualify for insurance. If a breach were to occur, and it was found your organization was not using MFA properly, your organization may be on the hook for damages.

In conclusion, using multifactor authentication for a nonprofit organization's WordPress website can significantly increase security, reduce the risk of data breaches, protect sensitive information, and ensure compliance with regulations. The risks of not using MFA include data breaches, financial fraud, and even the use of your website as a vector to infect visiting devices with malware.

We hope you’re sold on the idea of setting this up! If you are, then stay tuned. We’ll be covering tools you can use to set up MFA for your nonprofit’s WordPress website in our next blog entry.