Cyber Tip: Protect Yourself with Two-Factor Authentication, by Scott Augenbaum (ME), FBI
October is National Cyber Security Awareness Month, and if you've heard any of our presentations, then you know we advocate the use of multi-factor authentication, or two-factor authentication, which would have prevented a majority of our cyber crime investigations.
In many cases, an online password is all that separates the average person from financial or reputational harm. Passwords are the way people log into their online lives: email, banking, social media accounts, cloud storage, and so much more. In an effort to better remember passwords, users often minimize their size and complexity, use the same passwords for different online accounts, and don’t change them frequently, if at all.
Unfortunately, cyber criminals — sometimes using the least sophisticated means necessary (i.e., password guessing, defeating security questions, social engineering, and technical devices such as keyloggers) — obtain passwords more often than you think, which is why it’s important to add another level of protection between the cyber criminal and you.
Two-factor authentication, or TFA, adds that second level of protection. TFA is a technology that increases security by incorporating requirements beyond something you know (your password). Along with something you know, TFA can also include something you have (a dynamic token or PIN), something you are (a particular biometric), or somewhere you are (your location at the time of authentication).
The best thing is, TFA is usually offered as a free service for most home Internet users by many email service providers, social media platforms, cloud-based storage solutions, and even banking and finance sites (although sometimes you might have to search for it or contact the company). Most sites that employ TFA require a strong password and supply a PIN that changes at a set interval — users can receive those PINs very easily through text messages or mobile applications.
However, using TFA does not mean you don’t have to take extra care with your password: make it unique to your life but something not easily guessed, use a different one for each online account, write it down and store it in a safe place away from your computer, and change it several times a year.
Many large businesses have already recognized the benefits of deploying TFA to their workforce and in doing so have dramatically reduced the risk of credential theft and the subsequent loss of sensitive or proprietary data. Small- and medium-sized businesses are encouraged to do the same.
Consider using it for all remote access into your corporate network and email, as well as commercial banking, LogMeIn, Gmail, Facebook, LinkedIn and the cloud. If you have any questions, please feel free to contact me. TMEPA has all my contact information.