Two-factor authentication, though often overlooked, is the one vital security component that can keep your information safe during a data breach.
For a number of reasons, the tendency of users to ignore the implementation of that extra layer of security increases by the day.
Many think they do not need 2FA because their 32-digit password is difficult enough already. Others just don’t want the extra stress of having to create another layer of security after creating a password. Yet for others, they do not want to waste time when trying to catch up with their friends online after returning from the day’s work.
But which is more important: keeping your personal information and privacy safe, or risking it by giving in to pleasure and laziness – online laziness, if I may? You may still think you do not need to implement two-factor authentication on all your important online accounts; the following report may make you change your mind.
In 2018, top agencies that were hacked include:
- AerServ (75,000 records)
- Bell Canada (100,000 records)
- Blank Media Games (7.6 million records)
- British Airways (380,000 records)
- Cathay Pacific Airways (9.4 million records)
- Centers for Medicare and Medicaid Services (75,000 records)
- Earl Enterprises (2 million records)
- HauteLook (28.5 million records)
- Marriott International (500 million records)
- Orbitz (880,000 records)
- Popsugar (123,857 records)
- Quora (100 million records)
- Reddit (unknown)
- SingHealth (1.5 million records)
- Ticketfly (over 26 million records)
- Under Armour (150 million records)
And you never know who’s next. There are a lot of other popular companies not on this list who have accidentally published or simply lost a good number of confidential records due to poor security.
Between 2018 and 2019, nearly 600 million records from Facebook were exposed due to poor security.
And when it has to do with social media and other closely linked accounts, the scary part is that your friend’s problem is your problem. Simply viewing your social media account from your friend’s account can reveal much more about you than you will ever know.
These days, simply clicking on a link in an email, sharing a USB hub at the office or library, or using a shop’s WiFi network can open your device to attackers. What’s worse? Attackers no longer need you to click on the bugged link. If you happen to use the same WiFi network as anyone whose device is compromised, your device may be vulnerable too.
So being aware of this will help us to be more careful as far as online security is concerned. You need 2FA for your social media accounts and other important online and office accounts.
Using a Unique 2FA
In most cases, all you need for two-factor authentication is an email address and a phone number. So if anyone is able to enter your password, they will still need to enter a code, which will be sent to your phone or email or both.
You may decide to twist the combination. Some security conscious people set up some form of multi-factor authentication that makes use of their email and then extend it to their phone number.
Here is how they do it. Say they are trying to protect an office account. They set up two-factor authentication that includes a password and an email notification with a code. Then they also set up two-factor authentication on the email account, which includes a password and an SMS notification with a code.
But why not link your phone number to all your accounts at once? Why put an email in-between?
The truth is: having to access your email gives them that extra hassle. And don’t forget anyone could borrow your phone at any time, or you may leave it unlocked during an interesting football match. With this, it’s easier for a hacker to wait for that window to gain access to your locked accounts. This is why a lot of people want to keep email and phone verification separate.
Also, make sure your messages and notifications are not readable while your device is locked.
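To see what the chained setup described above buys you, here is a small model (an added example, not part of the original post) that works out which accounts fall once someone holds a given set of passwords and devices. The account names, factor labels and scenarios are made up for illustration.

```python
# Added example: risk model for chained vs. direct 2FA. All names are constructed.

def _satisfied(factor, owned):
    # "code_via:<channel>" means a one-time code is delivered to that channel
    # (a device or another account); any other factor is a secret.
    if factor.startswith("code_via:"):
        return factor.split(":", 1)[1] in owned
    return factor in owned

def reachable(accounts, held):
    """Return the accounts that can be opened by someone holding `held`.

    accounts: {account_name: [factor, ...]}, every factor is required.
    held: passwords, devices or accounts already under that person's control.
    """
    owned = set(held)
    changed = True
    while changed:  # repeat until no new account falls
        changed = False
        for account, factors in accounts.items():
            if account not in owned and all(_satisfied(f, owned) for f in factors):
                owned.add(account)  # its inbox can now receive codes too
                changed = True
    return owned & set(accounts)

# Chained: the office code goes to email, the email code goes to the phone.
CHAINED = {
    "office": ["office_password", "code_via:email"],
    "email": ["email_password", "code_via:phone"],
}
# Direct: every account sends its code straight to the phone.
DIRECT = {
    "office": ["office_password", "code_via:phone"],
    "email": ["email_password", "code_via:phone"],
}

if __name__ == "__main__":
    # Scenario: office password leaked in a breach, phone left unlocked.
    leaked = {"office_password", "phone"}
    print("chained:", sorted(reachable(CHAINED, leaked)))  # nothing falls
    print("direct: ", sorted(reachable(DIRECT, leaked)))   # office falls
    # If the mail app is signed in on the phone, holding the phone also
    # means holding the inbox, and the chain no longer helps.
    print("chained, mail app open:",
          sorted(reachable(CHAINED, leaked | {"email"})))
```

The last scenario is why the chain only helps if your email is not readable from the unlocked phone.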
Apart from email and phone number notifications, multi-factor authentication can also incorporate voice, fingerprints, patterns, security questions and much more.
So what are your favourite combinations, and in what order do you like them? Let us know in the comments section. Stay safe!
Hacking Records Source: Wikipedia