[SecurityNews] Passwords are your enemy, use two-factor authentication
Welcome back to [SecurityNews]. If you missed our first post, check it out here.
Everyone needs to use passwords, but they represent the most significant weakness in your online security.
In short - people choose bad passwords.
We all know the rules: choose a password with more than 6 (7, 8, 10+) characters, include numbers and special characters, and select it randomly. The problem is that people are poor at randomness, and this leads to easy-to-guess combinations that just meet the criteria of a good password. Password1!, anyone?
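The sketch below is an added example, not code from the original post. It shows a classic composition-rule check accepting Password1! and a second check catching it as a common word with decoration. The word list, substitution table and function names are constructed for the illustration.

```python
import re
from typing import Optional

# Constructed sample of base words; a real check would use a large
# breached-password list (assumption for this example).
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "summer", "admin"}

# Common character substitutions, undone before the word lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_composition_rules(pw: str, min_len: int = 8) -> bool:
    """Classic policy: minimum length plus upper, lower, digit and special."""
    return (
        len(pw) >= min_len
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def predictable_pattern(pw: str) -> Optional[str]:
    """Return the base word if pw is a common word plus decoration."""
    # Drop the digits and symbols people append to satisfy the rules.
    core = re.sub(r"[\d\W_]+$", "", pw)
    # Undo capitalisation and substitutions such as P@ssw0rd -> password.
    normalised = core.lower().translate(LEET)
    return normalised if normalised in COMMON_BASES else None


def acceptable(pw: str) -> bool:
    """Accept only passwords that pass the rules and are not predictable."""
    return meets_composition_rules(pw) and predictable_pattern(pw) is None


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["Password1!", "P@ssw0rd2024!", "Summer2024!", "t9#Lq2vX!m"]:
        print(candidate, meets_composition_rules(candidate),
              predictable_pattern(candidate), acceptable(candidate))
```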
Over the next couple of posts, I'll walk you through good password choice and how to manage your increasingly complex set of passwords. For now, though, there is one crucial step you should take on any high-value account.
Use two-factor authentication.
Two-factor authentication (2FA) often uses a password and then combines it with a second factor. Options for 2FA may include emailing an extra login code, using a USB dongle, or sending an SMS to your phone. Fingerprint scanners, when combined with a password, are also a second factor. We can categorise factors using this scheme:
- What you know (e.g. a password)
- What you have (e.g. your phone)
- What you are (e.g. a fingerprint)
Choosing two distinct options from these three drastically increases your security. Think about what an attacker needs to do to break into a website protected by two-factor authentication. First, they need your password, which they can guess or maybe steal from your computer using a keylogger. Now, however, they also need to steal (and unlock) your phone to read the SMS second factor. It is much less likely that an attacker can do both of these things before you realise.
I used the word "high-value" before. What does this mean? Some high-value accounts are obvious. Your cryptocurrency accounts are a good example, as is your online banking.
Less obvious is your email account, which may be more critical. When you request a password reset for a website, where does that email go? If an attacker has access to your primary email account, they can reset your passwords to other sites, gaining more access. In this vein, your email is the central nexus of your online life - protect it!
Any online bank, cryptocurrency trading website or email account worth its cost should allow two-factor authentication. Check the security settings of each website or app, and seriously consider switching to another provider if yours doesn't have increased security options.
Two-factor authentication is often quick and easy to set up, requires only a little more effort, and provides a drastic increase in security.