Passwords aren’t enough!
Based on what’s on our readers’ minds from the poll, Jordan Plitteris, our IT Manager / Information Security Manager, offers his advice on what you should be looking out for in 2017.
These days, passwords aren’t enough. You might have heard about “Two-factor authentication”, which I will abbreviate here as “2FA”. Even if your passwords are stolen, cracked, or otherwise compromised, 2FA can prevent unauthorized access to your vital on-line accounts. An attacker would have to be in possession of your cell phone (or other 2nd factor), as well as your password, to gain access to your on-line systems.
The recent well-publicized hacks of the U.S. Democratic party chairman John Podesta’s e-mail accounts show that passwords can be stolen with malware, disguised as attachments from trusted colleagues. If Mr. Podesta had used 2FA, he would have been alerted when someone tried to use his stolen password to access his email account from an unknown computer. He then could have prevented the unauthorized access and immediately changed his passwords.
The “two factors” of two-factor authentication are commonly described as 1) something you know (such as a password) and 2) something you have (such as a cellphone, or your fingerprint). One example of how it works: when you try to access your on-line bank account, you identify yourself with your user id and password. You are then asked for an additional code number. The bank sends a text message to your cellphone containing the code number. You enter this number and are granted access to your account.
There are other methods for authentication using the 2nd factor. Some sites can call your telephone and deliver a voice message that literally tells you the code. Google “Authenticator” is a well-known and widely supported method which does not depend on internet connectivity or even a phone connection for the 2nd factor. “Authenticator” is an app which runs on your smart phone or tablet. It generates a unique series of random numbers (tied to your device) every 30 seconds or so. The generated number is then used as the second code for authentication.
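Why an app like this needs no connectivity, as an added example (not from the original article and not Google's code): Google Authenticator implements the time-based one-time password algorithm of RFC 6238, where phone and server share a secret at enrollment and each derives the code from that secret and the current 30-second window. The secret below is the published RFC test key; the `verify` function, its drift window and its replay check are illustrative assumptions about the server side.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code, the "every 30 seconds" interval
DIGITS = 6   # length of the code shown to the user

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# A real secret is random and delivered once, usually via a QR code.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time):
    """Code for the 30-second window containing unix_time (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, unix_time, drift_steps=1, last_used_step=-1):
    """Hypothetical server check: tolerate clock drift, refuse reused codes.

    Returns the matched time step (store it as last_used_step) or None.
    """
    now_step = int(unix_time) // STEP
    for step in range(now_step - drift_steps, now_step + drift_steps + 1):
        if step <= last_used_step:
            continue  # window already consumed: a captured code cannot be replayed
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            return step
    return None

if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)
    print("current code:", code)
    print("accepted now:", verify(DEMO_SECRET, code, now) is not None)
    print("accepted 5 minutes later:", verify(DEMO_SECRET, code, now + 300) is not None)
```

The codes are deterministic rather than random: anyone holding the shared secret can compute them, so the secret needs the same protection as a password.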
While 2FA cannot provide 100% security, it drastically reduces the possibilities of a breach by casual and opportunistic hackers.
Who supports it? Google, Yahoo, Microsoft (including Office 365), DropBox, and many others. I suggest if you’ve never used 2FA, get your feet wet with one of your current services, and enable it to try it out for yourself. Here is a link with a tutorial for enabling 2FA with Xbox: https://www.telesign.com/turnon2fa
With increasing incidents of identity theft and ransomware extortion schemes, 2FA is destined to become the standard method of accessing systems, and we should be prepared to give up a little of our convenience in exchange for stronger security in our private as well as our business lives.