Setting up a new laptop recent, as I reinstall all my software and logged into my various tools, my phone was going nuts sending me codes. These codes are the Multi-Factor Authentication in action!
During this same time, a client suddenly had an issue where an email account got hacked into, and someone else was reading, replying, and intercepting work email. Now if you read the last blog, you know this is truly a hacker, not a virus. The person was having work emails forwarded to a personal email inbox, which was then hacked into outside the protection of the work firewall. This allowed the hacker to intercept critical work emails.
Another potential client during this time gets his email locked down by his provider, because his weak email password (Big Mistake) allowed a hacker into his email. The hacker sent a bunch of strange emails, deleting them from the sent folder afterwards, and now his email is locked and can’t send emails.
Both ‘client’ situations were preventable by using Multi-Factor Authentication!
The first appearance of what is the modern version of two-factor authentication (2FA) was in 1986 with a “password fob”. This fob was a small LCD screen that displayed a short numeric code which users appended to their password. According to a New America article entitled “Getting Internet Companies To Do the Right Thing”, for over 20 years, many large enterprises and government entities used this extra protection for their internal systems. My first-time hearing about this device was a local accounting firm who handled large payroll accounts. They needed the Fob to log in and transfer funds for payroll.
In 2010, Google started introducing Multi-Factor Authentication (MFA) for their business accounts, then within a year, it had expanded to general Google accounts. Since then other companies such as Microsoft, Twitter, Apple and Amazon have added MFA to their online platforms.
Two-factor authentication is an extra layer of security that adds to your account to prevent someone from logging in even if they have your password. Normally, it’s requires you to have access to their mobile phone or email. In a few cases, it could also be an automated telephone call. However, it can also be answering security questions.
The first factor of authentication is your password. We have talked many times about the importance of a strong password. To recap those tips quickly:
- Don’t use common words, names, birth, or anniversary dates.
- Don’t use ‘password’, ‘covidsucks’ or ‘covid19’ as these are the most common passwords of 2020.
- Use a combination of numbers and letters, as well as a special symbol. Use both upper and lowercase letters.
- Make your password long and a non-sense phrase.
- Change your passwords regularly and keep them private.
After entering the correct password, then the second factor of authentication begins. At this point, you might get asks security questions, or you could receive a code via email, telephone, or text message with a code.
For security questions, make sure you make strong answers. When you pick the questions and answers, here’s some tips to remember:
- Use SAFE questions – questions that can’t easily be guessed or researched.
- Use STABLE questions – questions that the answers will not change.
- Use MEMORABLE questions and answers – so you don’t forget!
- Use DEFINITIVE or SIMPLE questions – questions that would only have one answer.
- Avoid picking answers that your Facebook friends would know, answers that a Google research would find, and common knowledge.
I don’t answer questions such as “favorite band” because that can differ from day-to-day for me. But I do lie with some of my questions. For example, if it asks for my “childhood friend first name”, I might use their last name instead. If asking the street, I lived on at age 10, I might answer something like “Ms. Tucker” which was my teacher at age 10.
For the other options, when they send a text or email with the code, try to make sure the email address and telephone number are ones you will use, and update if the email or password changes. It is very difficult to get a two-factor authentication corrected if the email or telephone number is outdated.
We hear a lot of people complaining the trouble with Multi-Factor Authentication, but let’s think back to the blog about firewalls. Remember the example we used about living in a glass house and without a firewall, it would be like anyone driving by can see everything you own and just walk in and steal it? The firewall puts a ‘huge privacy fence’ around your house as a way of protecting your house and property. But any police office will tell you, sometimes people make it inside the privacy fence…so then we hope that the doors are locked, right? That’s the passwords and multi-Factor Authentication. On my front and back door, I have both a lock on the doorknob and a deadbolt. This is Two-Factor Authentication!
In summary, I strongly recommend you turn on Multi-Factor Authentication if it is an option. This adds steps to logging in but helps to keep you and your information secure. If you have questions about this, please let us help.