Setting up a new laptop recently, as I reinstalled all my software and logged into my various tools, my phone was going nuts sending me codes. These codes are the Multi-Factor Authentication in action!

Real-Life Security Issues

During this same time, a client suddenly had an issue where an email account got hacked into, and someone else was reading, replying, and intercepting work email. Now if you read the last blog, you know this is truly a hacker, not a virus.  The person was having work emails forwarded to a personal email inbox, which was then hacked into outside the protection of the work firewall. This allowed the hacker to intercept critical work emails. Another potential client during this time gets his email locked down by his provider, because his weak email password (Big Mistake) allowed a hacker into his email. The hacker sent a bunch of strange emails, deleting them from the sent folder afterward, and now his email is locked, and he can’t send emails. Both ‘client’ situations were preventable by using Multi-Factor Authentication!

The Evolution of Two-Factor Authentication

The first appearance of what is the modern version of two-factor authentication (2FA) was in 1986 with a “password fob”. This fob was a small LCD screen that displayed a short numeric code that users appended to their password. According to a New America article entitled “Getting Internet Companies To Do the Right Thing”, for over 20 years, many large enterprises and government entities used this extra protection for their internal systems. My first time hearing about this device was at a local accounting firm that handled large payroll accounts. They needed the Fob to log in and transfer funds for payroll. In 2010, Google started introducing Multi-Factor Authentication (MFA) for their business accounts, then within a year, it expanded to general Google accounts. Since then other companies such as Microsoft, Twitter, Apple, and Amazon have added MFA to their online platforms.

What is Two-Factor Authentication?

Two-factor authentication is an extra layer of security that adds to your account to prevent someone from logging in even if they have your password. Normally, it requires you to have access to their mobile phone or email. In a few cases, it could also be an automated telephone call. However, it can also be answering security questions. What is Two-Factor Authentication

The Importance of a Strong Password

The first factor of authentication is your password. We have talked many times about the importance of a strong password. To recap those tips quickly:

  • Don’t use common words, names, birth, or anniversary dates.
  • Don’t use ‘password’, ‘covidsucks’, or ‘covid19’ as these are the most common passwords of 2020.
  • Use a combination of numbers and letters, as well as a special symbol. Use both upper and lowercase letters.
  • Make your password long and a non-sense phrase.
  • Change your passwords regularly and keep them private.

The Second Factor of Authentication

After entering the correct password, then the second factor of authentication begins.  At this point, you might get asked security questions, or you could receive a code via email, telephone, or text message with a code. For security questions, make sure you make strong answers. When you pick the questions and answers, here are some tips to remember:

  • Use SAFE questions: questions that can’t easily be guessed or researched.
  • Use STABLE questions: questions that the answers will not change.
  • Use MEMORABLE questions and answers: so you don’t forget!
  • Use DEFINITIVE or SIMPLE questions: questions that would only have one answer.
  • Avoid picking answers that your Facebook friends would know, answers that a Google researcher would find, and common knowledge.

I don’t answer questions such as “favorite band” because that can differ from day to day for me. But I do lie with some of my questions.  For example, if it asks for my “childhood friend first name”, I might use their last name instead.  If asking the street, I lived on at age 10, I might answer something like “Ms. Tucker” which was my teacher at age 10.

Using Text or Email Codes

For the other options, when they send a text or email with the code, try to make sure the email address and telephone number are the ones you will use, and update if the email or password changes. It is very difficult to get a two-factor authentication corrected if the email or telephone number is outdated. 2FA Code Text Messages

The Analogy of a House with Multi-Factor Authentication

We hear a lot of people complaining about the trouble with Multi-Factor Authentication, but let’s think back to the blog about firewalls. Remember the example we used about living in a glass house and without a firewall, it would be like anyone driving by can see everything you own and just walk in and steal it.  The firewall puts a ‘huge privacy fence’ around your house as a way of protecting your house and property. But any police officer will tell you, that sometimes people make it inside the privacy fence…so then we hope that the doors are locked, right? That’s the passwords and Multi-Factor Authentication. On my front and back door, I have both a lock on the doorknob and a deadbolt. This is Two-Factor Authentication!

Conclusion

In summary, I strongly recommend you turn on Multi-Factor Authentication if it is an option. This adds steps to logging in but helps to keep you and your information secure. If you have questions about this, please let us help.

The Top 10 Ways Hackers Get Around Your Firewall And Anti-Virus To Rob You Blind

Cybercrime is at an all-time high, and hackers are setting their sights on small and medium businesses who are “low hanging fruit.” Don’t be their next victim! This report reveals the most common ways that hackers get in and how to protect yourself today.
 

Recent Blog Posts

Get In Touch

 
Techno Advantage

317-857-0150

Pin It on Pinterest

Share This