facebook twitter instagram linkedin google youtube vimeo tumblr yelp rss email podcast phone blog search brokercheck brokercheck Play Pause

Beyond passwords

Utilize the power of multi-factor authentication.

Most people are aware of the importance of a strong password, but you may be surprised to learn that the overwhelming majority of cyberattacks actually make use of legitimate credentials. A recent study by cybersecurity group Crowdstrike found that 71 per cent of cloud intrusions or hacks were through valid accounts. But even if a password has been compromised, multi-factor authentication (MFA) acts as a shield to defend your online presence, frustrating cybercriminals and safeguarding your digital identity with its formidable, multi-layered security.  

You might be thinking, “I don’t need another step added to my login process – it already takes too much time and I can’t remember another passcode.” However, social media account takeovers are more likely to occur on accounts that don’t have MFA. And, once a social media account is taken over, a threat actor can access your other accounts, your network, your personal and financial information, or inject malware onto all the devices on your network.  

While setting up MFA on each platform can seem like an extensive and annoying process, this is one of the best ways to protect your accounts and the sensitive information they often contain.  

What is MFA and how does it work?  

MFA is an extra security measure to ensure the right person is gaining access to an account. When a user logs in to a network or device, MFA combines several different methods of verification. These methods generally include a username and password along with something a user has independently, like a token or passcode on a device or key fob. When MFA is activated for a device or account, the login process may or may not require an extra step of verification. Extra verification can include:

  • A personal identification number, or PIN
  • The answer to a personal security question, for example, “What was the name of your first pet?” 
  • A unique code sent as an email or text message
  • Biometric identifiers, such as facial recognition or a fingerprint scan 
  • A standalone app that requires you to approve each attempt to access an account
  • A secure token or separate piece of physical hardware that verifies a person’s identity  

Once MFA is set up for a specific website, device or social platform, it might even make your login process easier.  

Understanding authenticators 

Setting up an authenticator is one effective way to protect your accounts. Authentication apps on the market include Google Authenticator, Duo Mobile, and Microsoft Authenticator. Think of these apps as little vaults to which you have the only set of keys. These apps link directly to your accounts and provide a specific, time-sensitive code to allow access to a platform whenever someone is logging in from an unrecognized or unauthorized device. This makes an account takeover by a threat actor much more difficult.  

Setting up an authenticator for your social sites may seem like a heavy task to take on, but MFA is the closest you’ll get to completely locking down your accounts while we are still reliant on passwords for access.  

Personal and professional  

With more phishing attempts leading to account takeovers, not only is your personal data at risk, the data for the company you work for may also be, as well. While you may not connect your social media accounts and your professional life, threat actors can use personal information from those accounts to target your organization. For this reason, cybersecurity professionals highly recommend the use of MFA on both personal and professional accounts.  

Larger corporations with more data, more revenue and a reputation to uphold can be especially attractive as trophy targets to cybercriminals. Criminals can demand a larger ransom and cost companies their customer base. Employing MFA on all personal and company-related accounts can raise the bar to a level that could convince a cybercriminal to try somewhere else. Even if you believe you’re cautious or unlikely to be targeted, everyone is at risk and should do their part to stay secure. 

Financial Advisor Websites by Twenty Over Ten Powered by Twenty Over Ten