Brought to you by art|Works Initiative, this series is part of our commitment to empowering creatives, small business owners, and professionals with practical security strategies. As an initiative of inWorks LLC, a company rooted in technology and business solutions, we understand the unique challenges faced by artists and entrepreneurs navigating today’s digital landscape.

From cyber hygiene and data privacy to financial security and scam prevention, each post will provide actionable insights to help you stay one step ahead in a world that often prioritizes convenience over protection. Because when it comes to your security, the best defense is knowledge.

Stay tuned as we break down complex security topics into simple, effective strategies—so you can focus on what you do best without fear of being compromised.

Digital Security as Self Defense

The development of the Internet initiated a new horizon all for the taking. The digital space is one of seemingly limitless possibilities; unfortunately, not all of them are benevolent. The digital world is full of threats – data breaches, identity theft, phishing schemes, and malware are more common than ever before. Moreover, institutions that have been put in place to protect our personal data are often failing, leaving individuals vulnerable in an ocean of unseen digital threats.  

However, digital security is a form of self-defense and there are steps that the common digital citizen can take to protect themselves from the malevolent unknown.  

What Is Multi-factor Authentication?

Multi-Factor Authentication, or MFA, is a term that is thrown around a lot in today's digital landscape – but what does it mean, really? Multi-Factor Authentication is a security system that requires a user to provide multiple forms of verification before accessing sensitive or vulnerable information. In other words, having a MFA system is like having a security guard in your apartment building check your ID before you are allowed to use your key to unlock your door. MFA adds an extra step to make sure that it is you attempting to access your information.   

MFA operates by requiring authentication from at least two of the following three categories: 

1. Something You Know – A password, PIN, or security question answer. 

2. Something You Have – A smartphone, security token, or authentication app. 

3. Something You Are – Biometric data such as fingerprints, facial recognition, or voice patterns. 

Chances are, you have encountered this before. For instance, when logging into a Gmail account on a unfamiliar computer, Google will send a notification to your personal device that you have to accept before that computer will allow access to the Gmail account.  

MFA is more common than you may think. Many applications and websites offer MFA as an added security measure: when the option arises, you should always add MFA to your accounts.  

Why Your Password Might Not Be Enough

Nevertheless, some may say that a password should be enough. If we are being good digital citizens and using a unique password for every application, everything should be fine, right?  

Unfortunately, the perfect upstanding digital citizen is few and very far between. More common is reusing the same password for similar applications, or a simple easy to remember variation of the same password. This is the perfect storm for a type of digital attack strategy called Credential Stuffing. Many people reuse passwords across multiple accounts. If one of those accounts gets compromised, attackers use automated tools to try the same credentials on other sites, gaining access to more accounts.  

Even if your passwords are slightly different, Data breaches happen frequently, leaving millions of passwords exposed on the dark web. We use our emails to sign into virtually everything in the digital space: it is more than likely that any one of those logins has been farmed for malevolent actors on the dark web.  

Our Recommendations

However, all hope is not lost. There are many Authenticator options out there for all digital citizens worried about their security. Apps like Google Authenticator, Microsoft Authenticator, or Authy generate a one-time code on your phone that expires in seconds. Since the code is not sent over the internet or SMS, it’s much harder for hackers to intercept. At inWorks and art|Works Initiative, Microsoft Authenticator is our application of choice.

Microsoft Authenticator is a free app designed to enhance account security by enabling passwordless sign-ins, two-step verification, and multi-factor authentication. It allows users to access their personal, work, or school Microsoft accounts using biometric data (fingerprint or facial recognition) or a PIN, eliminating the need for traditional passwords.

Key Features:

• Passwordless Sign-In: Users can approve sign-in requests directly from their mobile devices, streamlining the authentication process.

• Two-Step Verification: The app generates one-time password codes, adding an extra layer of security to account access.

• Multi-Factor Authentication (MFA): Authenticator supports MFA by requiring multiple verification methods, such as a combination of biometrics and codes, to confirm user identity.

Getting Started:

1. Download the App: Install Microsoft Authenticator from your device's app store.

2. Add Your Account: Open the app, select "Add account," and choose the appropriate account type (e.g., work, school, or personal).

3. Configure Sign-In: Follow the on-screen instructions to complete the setup and begin using the app for secure sign-ins.

By integrating Microsoft Authenticator into your security practices, you can significantly reduce the risk of unauthorized account access and enhance overall digital safety.

And anything is better than nothing. If a service has an option to initiate an SMS verification code every time a log in is attempted, it is always better to opt in. While this adds security, it’s still vulnerable to SIM swapping (where attackers hijack your phone number) or intercepted messages. 

It is important to remember, never share your authentication codes with anyone. If you receive a security code via text or see one in your Microsoft Authenticator app, it is meant for you alone. No legitimate company, including Microsoft, will ever call, email, or message you asking for this code. If someone requests it—especially over the phone—it’s likely a scam attempting to gain access to your account. Always keep your authentication codes private to protect your digital security.

At art|Works Initiative, we are here to help you do what you do best; that includes keeping your information safe. If you have any questions or concerns, you can find us at The Longview Gallery every Friday for "Work from the Office Fridays" or stop by any Wednesday during Office Hours with our IT team. We're always ready to help troubleshoot and answer any questions you may have.