Enable Two-Factor Authentication
If you talk to any security expert about securing online accounts, the first thing they will tell you is “enable 2FA.” However if you start looking at the number of accounts where Two-Factor Authentication is purposely turned off or opted out of, you will be surprised at how high the number is. The reason for this is because most end users consider 2FA to be a nuisance, and don’t see the need for it when it comes to securing their accounts. While others will enable it in some places, but not others. For example, they will enable 2FA on their banking and financial websites, but will not enable the extra layer of security on their social media or email accounts. Ironically most of the time those other websites use your email address as the username. This means that if your email address is compromised then it can lead to your other associated accounts falling victim to being compromised as well.
Some will argue that they have been safe so far, but global digital security firm Positive Technologies reports that there were 765 million accounts affected by data breaches in 2018 for the months of April, May and June alone. This number is only climbing with breaches reported almost weekly from various companies. To top it off, the breaches are usually not reported to the public for months. This means your information has already made its way to the Dark Web before you are even notified. For the end user the answer is very simple, end to end protection on their online accounts. There are many free authenticator apps out there that are cross application and give you a single collection of your secure tokens. Two of the most popular ones are the Microsoft Authenticator and the Google Authenticator.
Try using these simple rules:
- Enable 2FA or MFA on all your email addresses and other web-based logins.
- If the app does not support one of the authenticator or 2FA methods above opt for the SMS option. While SMS is not as secure it is still a better option than no secondary authentication factor.
- Separate passwords for work and personal life.
- Create passwords tiers so that if one account is affected by a breach it doesn’t automatically lead to all the others being affected.
Remember it is no longer about convenience, but about protecting your identity. The cost of repair far exceeds the hassle of entering in a code to grant access. If you’re interested in implementing 2FA in your company, contact Thrive today.