Introduction: Why do I need to protect myself?
Our daily lives are tied to our online presence now more than ever, and the global threat from hackers and key-logging viruses is growing along with it.
Have you ever used the same password for more than one account? Most people are aware they should use a unique password for each account, but many choose not to because it’s inconvenient / difficult to memorize them.
But that’s not all – nowadays, most people’s entire digital persona is available online. If your password is brute-forced, hijacked or circumvented in some fashion, a hacker could gain access to all of your social media accounts, your bank accounts or even your cell phone!
How is this possible? Because many of these services are tied to your personal email account. When you click the ‘forgot password’ link on your banking website, your cell provider or your Facebook account, where is the reset link sent to? Your email.
So how do you protect yourself? We’ll show you how!
What is 2FA & why is it so important?
2-factor authentication, also known as 2-step verification, is a means of securing your logins by requiring a secondary authentication method in addition to your password. Examples are:
- Answering a set of secret questions
- Using a code sent over text message
- Using a code from an app installed on your mobile phone
For the purposes of this article, we’ll be recommending the mobile authenticator app method – this method is the most secure. As you will see, these apps are quite simple to use and are free to download on iPhone & Android.
You can choose whichever app you prefer, as most of them will work with any service that supports 2FA. To get you started, here’s a list to choose from:
- Microsoft Authenticator (iPhone / Android)
- Google Authenticator (iPhone / Android)
- LastPass Authenticator (iPhone / Android)
Here’s how it works:
- The app generates a random code every n seconds
- When you log into an account such as Facebook or Gmail, enter your password as you normally would
- If you’ve configured the account to use 2-step verification, you will be prompted to enter a code from your mobile phone after you punch in your password.
How does it protect me?
Because logging in requires physical access to your smartphone, this simple code is enough to protect you against a cyber attack even if a hacker steals your password.
OK, so I downloaded an authenticator app on my phone. What now?
This is where things get a little tricky. Each service has its own way of configuring Two-Factor Authentication, and some of them are not exactly ‘well-polished.’
The good news is, many of them have step-by-step documentation. For your convenience, we’ve created a list of how-to links for some of the most common services below:
- Apple ID – https://support.apple.com/en-us/HT204915
- Google – https://www.google.com/landing/2step/
- Microsoft – https://support.microsoft.com/en-ca/help/12408/microsoft-account-about-two-step-verification
- Facebook – https://www.facebook.com/help/148233965247823
- Twitter – https://support.twitter.com/articles/20170388
- LinkedIn – https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en
- Amazon – https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420
- Instagram – https://www.facebook.com/help/instagram/566810106808145?helpref=hc_fnav
- Snapchat – https://support.snapchat.com/en-GB/article/enable-login-verification
- WhatsApp – https://faq.whatsapp.com/en/android/26000021/
- LastPass – https://helpdesk.lastpass.com/multifactor-authentication-options/
Sounds great! But what if the service I’m using doesn’t support authenticators?
Unfortunately, some companies are still using old, outdated security methods, e.g. secret questions, or worse, nothing at all. So what can you do in this situation?
The best thing to do is contact these companies & voice your concerns about cyber security.
If enough people get together and let these companies know that our privacy and security are important, eventually they will listen!
Alternatively, you can vote with your wallet and switch to an alternative that does support two-factor. Here’s a great website that provides a very comprehensive list of these services: https://twofactorauth.org/
Additional ways to secure your account
So you’re stuck with a service provider that doesn’t use 2-factor, and you have no other alternatives. What do you do now?
Well, here are a couple of simple solutions we recommend using even if you have 2FA enabled:
Use a strong passphrase
What’s the difference between a passphrase and a password? It’s commonly thought that strong passwords should contain random characters & are nearly impossible to remember.
However, a better method is to choose 3 or 4 random words, and simply type them out with spaces included. This is what’s known as a ‘passphrase’. Not only is a passphrase way easier to remember, it is also secure.
Use a password manager
Even using passphrases, you might still have trouble remembering logins for so many different accounts. This is where a password manager like Bitwarden comes in handy. This service is free, but they also offer a paid option which gives you some extra features.
How it works:
- You use a master password which unlocks access to the Bitwarden Vault
- The vault contains all your passwords
- The Bitwarden App can auto-fill passwords into web forms & iPhone / Android apps for you, which reduces the chances of being compromised by keyboard logging attacks
Using a password manager helps you keep track of all your passwords in a secure location, without having to write them down.
It’s also important to note that password managers support two-factor authentication, and yes, you should use it.
I need help with all of this!
Allow Leap Cloud Solutions to be the perfect partner for your business.
Book your free discovery call today to learn more.