Do you use the same password for multiple accounts because it's too hard to remember multiple passwords? According to a 2016 Verizon Data Breach Investigations report, approximately 63% of data breaches were due to weak or stolen passwords. If the credentials for one of your accounts become compromised, all your accounts that use the same password are vulnerable. Using a password manager to create and manage a unique password for each site is highly recommended, as is the use of two-factor authentication (2FA). For more information regarding password managers, see our blog post dated January 26, 2018: http://summitcomp.blogspot.com/2018/01/password-managers.html

What is 2FA, how does it work, and will it make your online accounts more secure? Two-factor authentication is a process that requires two or more methods (also known as factors) to prove who you are. It is not a new concept. When you swipe your debit card or write a check, that is the first factor in the transaction. When you enter your PIN or present your driver's license, that is the second factor. The second factor is generally something you possess. So does it work online, and how does it protect your accounts?

When using 2FA, two out of three credentials are needed in order to access your accounts:

  • Something you know (PIN, Password, pattern)
  • Something you have (ATM card, phone or a fob)
  • Something you are (either a fingerprint or voice recognition)

When working online with 2FA enabled, you will need more than just your password to access an account. Once you enter your password (the first verification factor), you then receive a code via SMS or a prompt from an authentication app (this is the second factor). For a hacker to gain access to an account protected by 2FA, they would need your username, password AND your phone.

So, what is the difference between using SMS codes and using an authentication app? SMS alerts are seen as less secure than an authentication app like Google Authenticator, Microsoft Authenticator or Authy, because SMS codes can be intercepted more easily through your phone carrier, in attacks that let hackers spy via the cell phone system. Also, if you sync your phone messages with your laptop or tablet, a hacker can walk away with your device and receive full access. Google Prompt is also an option. It is built into Google Now on Android and Google Search for iOS. Instead of using a 2FA code to sign in, you tap a notification that Google Prompt sends you, asking if you are attempting to sign in.

By comparison, with an authenticator app the codes remain within the app, which makes them more difficult to steal, even if your number has been hacked and moved to a new phone. Also, you no longer have to rely on your carrier. Codes within the app expire quickly. Using the authenticator also decreases the amount of time needed for the 2FA process.

So which do you prefer? SMS? Authentication app? If you are not already using two-factor authentication for your online business accounts, can we persuade you to start doing so today? Let us know your thoughts and contact us for more information.