fbpx

Double-locking your things

What is Multi-Factor Authentication?

Most weeks I see posts on social media from other people, claiming their accounts have been hacked.  More than often, it’s not so much a “hack” but more likely, their credentials have been stolen or guessed. 

Hacking is often the least of their problems.

So, assuming it’s someone that I know, I ask them if they’ve changed their password yet.  They usually have.  I ask them for their email address and do a quick check to see if it’s coming up in any known breaches. 

Then I ask them if they’ve enabled MFA (Multi-factor Authentication) on their account.  The almost-inevitible answer is “Whuh?  What is that?”.

Google Authenticator on the App StoreMulti-factor authentication puts another, dynamically changing password (or numeric code in most cases) between the individual’s password being entered and eventual access to a service being granted.

This additional pass-code comes often via SMS/Text Message or from an Authenticator application such as Google Authenticator, Microsoft Authenticator or Authy.

Multi-Factor Authentication (MFA) | OCIOThese codes change for each use and mean that even if a would-be attacker manages to obtain your email address and password, they’d still need access to your device to gain access to your account.

Now, ideally, you would protect as many accounts as possible with MFA, but this won’t always be available or be practical.  So, at the very least, ensure that your critical and most important accounts are protected.  These usually include Email, Social Media, on-line Storage such as Dropbox, Box and OneDrive and of course, anything financially related such as online shopping, PayPal and so on.

Whatever service you’re using, the settings for Multi-Factor Authentication (also known as Two-Factor Authentication or 2FA), can usually be found under the settings for your profile, under the heading of “Security”.

If you’re using a service which does not offer MFA / 2FA, perhaps it’s time to move to one that does.

 

Handy Links

I’ve compiled a short list of links to help you enable MFA for some of the most commonly used services.  Most of you are on Lockdown due to Covid-19, so boredom may well be kicking in now.  What better time to start securing your accounts than now?

 

Google Accounts (including Gmail)

https://support.google.com/accounts/answer/185839?co=GENIE.Platform%3DDesktop&hl=en

Microsoft (Including Hotmail)

https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification

Twitter

https://help.twitter.com/en/managing-your-account/two-factor-authentication

Facebook

https://www.facebook.com/notes/facebook-security/two-factor-authentication-for-facebook-now-easier-to-set-up/10155341377090766/

LinkedIn

https://www.linkedin.com/help/linkedin/answer/544/turn-two-step-verification-on-and-off?lang=en

Apple Account

https://support.apple.com/en-gb/HT204915

Amazon

https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=202073820

PayPal

https://authy.com/guides/paypal/

eBay

https://nakedsecurity.sophos.com/2018/05/31/how-to-set-up-2fa-on-ebay-go-do-it-now/

 

Leave a Reply

Your email address will not be published. Required fields are marked *