Stop Hackers Dead In Their Tracks With This Easy Trick

Category: Cybersecurity Fundamentals


So you’ve spent the past few days starting to get your passwords updated and into your password manager.  That’s a great start!  But we’re not done yet.  Those long, complex, unique passwords you’re setting are only one part of the equation to protecting your information.  You need multi-factor authentication.

“I need what?”

Multi-factor authentication, sometimes called two-factor authentication, is an extra layer of protection.  To meet the definition, at least two of the following have to be met BEFORE you can access your information:

  1. Something you know (e.g. passwords)

  2. Something you are (e.g. fingerprint, face)

  3. Something you have (we’ll talk about these in a moment)

If only one of these is met to access your information, like using your fingerprint to unlock your phone, that’s not multi-factor authentication.

“I think my bank has something like this”

Your bank probably does have a multi-factor authentication option to protect your account.  After all, they want only you, and not a hacker, to access your money. In fact, many websites have multi-factor authentication options, from your healthcare provider, to video game companies, to social media sites.  No one wants embarrassing tweets posted by someone else, or to have their iCloud account hacked and all the pictures of their child deleted.

“What about the ‘Something you have’?”

This is the most common multi-factor option used with passwords.  Generally, the “something you have” is a text message sent to you with a six-digit number, or maybe a phone call with a robotic voice reading you the numbers.  The theory is that even if someone got your password, they would need this code to log in. Unfortunately, cell phone hacking, specifically stealing SIM card information, has become prevalent, and these options are no longer considered secure.

What you need is a security key.  For a long time, these keys were little grey devices (usually made by a company called RSA) that had a digital screen on them with six numbers.  The numbers rotate every minute and are based on a unique algorithm for that key only.

Luckily there’s an easier and more secure way that doesn’t require you to add something else to your keychain: an app.  Many of the password manager companies mentioned in our previous post have companion “authenticator apps” that can store these rotating numbers.  You’ll be able to house all of your codes in one app that you can quickly access anytime, anywhere. Best of all, it’s as simple as snapping a picture of the barcode the company will show you on your screen and you’ll be up and running!

“Sign me up!”

Every website is going to be a little different in how to enroll.  Usually, it will be buried in the settings menu, maybe under “security” or “manage your profile,” and may be called “enable two-factor.” Our free Social Media Protection Guide covers step-by-step how to set up multi-factor on most of the major social media platforms. Unfortunately, not every company offers multi-factor options, and not every company offers multiple methods (e.g. text message vs. an authenticator app).  But ANY form of multi-factor authentication is better than none! So do yourself a favor and set it up now!

If you or your organization are trying to navigate the world of password policies and multi-factor authentication, let’s get together and discuss Cybersecurity Policy & Controls to make sure your passwords empower a cybersecurity culture and not hamper it.

 
