At myHSA, the security of your clients' data is paramount. As an advisor, you are accessing sensitive financial and health-related information—and ensuring that only you can access that information is a big deal. That's why we strongly recommend using an authenticator app as the method of multi-factor authentication (MFA) over traditional options like text message or email.
1. Authenticator Apps Are Resistant to Phishing
Text and email MFA rely on networks that can be intercepted or manipulated. If a bad actor gains access to your email or convinces your phone provider to port your number (a technique called SIM swapping), they can get your MFA codes and compromise your account.
Authenticator apps like Google Authenticator, Authy, or Microsoft Authenticator, on the other hand, generate time-based codes that never leave your device and are not transmitted through vulnerable networks. This makes them far less susceptible to phishing or social engineering attacks.
2. No Waiting, No Delays
Have you ever waited several seconds (or minutes) for a code to arrive via text or email? Worse—have you had to refresh your inbox multiple times only to realize the code expired?
Authenticator apps generate codes instantly, even without cell service or internet access. That means faster logins and fewer frustrations when you're working on the go or in a low-signal area.
3. Better Protection Against Account Takeover
Email accounts are one of the most commonly targeted entry points in a cyberattack. If your email is compromised and you use it for MFA, your myHSA account becomes a lot more vulnerable.
An authenticator app breaks that chain. Even if your email is breached, the attacker would still need physical access to your phone to get the login code. That additional layer of protection significantly reduces the risk of an account takeover.
4. It’s Easy to Set Up
We get it—change can feel like a hassle. But setting up an authenticator app is quick, simple, and only takes a minute or two. It's also industry standard amongst top data-secure apps and websites. Once it’s set up, logging in becomes second nature. The benefits in terms of peace of mind and protection far outweigh the effort.
5. Regulatory & Ethical Best Practice
As an advisor, you're not just accessing your own data—you’re managing data on behalf of clients and their employees. Using the most secure login method isn't just good cyber hygiene—it's part of your ethical responsibility to safeguard that information.
Using an authenticator app aligns with industry best practices for secure access to sensitive platforms and demonstrates your commitment to protecting client data.
6. Consider your Reputation
Consider your business: if an account were hacked and client information exposed—putting someone in a potentially dangerous situation—your entire operation could be at risk. Word spreads fast, especially with social media, and the last thing you want is for your reputation to take a hit because a client suffered a data breach due to weak security.
Questions? Please reach out to support@getmyhsa.com