It’s the last day of 2019 and everyone should be thinking about their New Years Resolutions. You know those commitments you make with the best intentions and then never keep? Except, this time, you can’t ditch out on it. You simply MUST make this resolution stick and work towards it. The consequences are bad if you don’t.
To put it simply, you cannot keep using the same old few passwords on various sites. In reality, you never SHOULD have done this, but the risk now is even more severe as websites are being hacked daily, and if you use the same password on site A, then the bad guys will try it on site B and suddenly have access to the information you thought was secure.
Not only do you need to change passwords, but you also need to enable 2 Factor Authentication wherever it’s available. Yes, this is a pain in the butt, and it’s not optional, as in many cases it’s only the 2FA that prevents your known password being used elsewhere. I can hear it now, many of my non-techie friends saying “What the heck is 2 Factor Authentication” and more importantly “Why do I care???” Let me break it down for you.
What is 2 Factor Authentication? Well – 2FA (or Multifactor Authentication – MFA for short) is where you have something you know plus something you have in order to access a given website. The something you know is your username and password. The something you have is a token or one time password that you will also enter into the website. This one time token could be a code that is sent to your mobile phone or via an authenticator app you have on your phone. The website will then verify both pieces of information and let you in. If either piece of information is incorrect, you are blocked from entry.
Why do I care about 2 Factor Authentication? This is the easy bit. You see, most people as I mentioned earlier in the article are already using the same password on multiple websites. They do this because we as humans choose not to remember things we don’t consider important. The end result is that most people use the same few passwords for lots of sites. The bad guys know this and they are tracking all of the hacked websites and will build a list of your email address and the passwords you use. Then they will use these to try to break into common websites. Once they are in, they have your data. 2FA can thwart that as they will never have your one time token to go with your password.
If I have 2FA do I need to bother changing passwords of have them unique? YES YES YES – the reason you need to have unique passwords is to prevent the style of “credential stuffing” where they harvest the info as I mentioned above.
What next? – over the next few days, I’ll post a few more articles, firstly about password security and how to use a decent password manager and then about 2FA and the options you have available to you that are free or lost cost. I’ll be using my wife (the Remedial Massage Therapist) as a non-techie to vet the articles so that I don’t over techifie it as I seriously want everyone to understand and get just how serious this is.
So if your New Years Resolution did not include changing passwords and putting 2FA on, it should now. Do it – you won’t regret it.
Yes! I agree 100%. 2FA can protect you from so many types of online trouble. Do you have any tips on preparations to take just in case you lose your phone while traveling?
The thing that most people forget is if 2fa is optional and a small proportion of the user accounts don’t use it, then if those account will effectively weaken the security for the other users.
Exactly right. Not only 2FA now but conditional access policies to enhance and protect those accounts that can’t have 2FA enabled (lets face it some apps need accounts and can’t handle 2FA yet)