Weak or stolen user credentials are a hacker's ideal tool for stealing data as part of their efforts to make money. For the hacker, it's an easy, low-risk, high-reward type of crime, and let me tell you, it's growing fast. Password theft is continually evolving as hackers employ techniques such as keylogging, phishing, and social engineering. Cybercriminals do more than merely steal data; they have also been known to destroy data, change programs or services, or use servers to transmit propaganda, spam, or malicious code.
The challenge today is that we access many resources that exist on the Internet. For convenience, these services are often open and accessible from anywhere on the Internet. This is great, as it allows us to be mobile and always connected to our data and resources, but it also means that others can attempt to access those same services. The primary protection we have is our passwords. Let's be honest: we access hundreds of sites and services all the time, and trying to remember all those usernames and passwords is a challenging task.
People commonly reuse a few different passwords across many, many sites and services. The significant risk is that if any of those sites or services becomes compromised, a hacker gains your username and password. They will then try logging into other platforms in the hope that you used the same credentials. If you did, they can access your account effortlessly.
One method to significantly reduce the risk of someone breaking into your account is to use multi-factor authentication. There are a variety of ways to apply it, such as requiring it on each login or using it to set up a device that will then be considered trusted.
Multi-factor authentication works by requiring a second form of verification that the person attempting the login is actually you. When you log in, the system reaches out to a device that you have established as a trusted device and requests verification. This can be done via text, through an authenticator application, with a hardware token, or by phone call. The system asks you to confirm that the login currently being processed is yours and that it is safe to proceed.
With multi-factor authentication, the risk of someone gaining access to your accounts is limited even if they know the password. In this case, the attacker would also have to gain control of your trusted device to be able to approve the sign-in request.
It is critical that you enable multi-factor authentication on your important accounts, such as your work, financial, and social media accounts, and on any account that could be used to steal from you or to exploit the trust others place in you.
For example, below are the directions for securing Office 365, the social media platform Facebook, the financial services account Bank of America, and the developer platform GitHub. Many companies now offer multi-factor authentication as part of their authentication options. While it may be an extra step, it's better to know your accounts, data, and money are safe. Make sure to investigate the sites and services that you use to see if they support multi-factor authentication.
Office 365 – https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
Facebook – https://www.facebook.com/help/loginapprovals
Bank of America – https://www.eff.org/deeplinks/2016/12/how-enable-two-factor-authentication-bank-america
GitHub – https://help.github.com/en/articles/securing-your-account-with-two-factor-authentication-2fa