How-Many-Factor-Authentication?
How many online accounts do you have? Are they safe from hackers and scammers? If so, that means you've probably been careful, or at least lucky.
These days, people are getting scammed in droves. Even when being careful!
I bet you use only a password to secure most of your accounts, right?
Your accounts with fingerprint or face recognition, such as Apple Pay® or Google Pay®, are pretty safe from hackers and scammers. But unfortunately, most online services don't offer that type of security.
Think about your email account; your online shopping account; even your fantasy sports account. I bet you use a password to secure most of those, right?
Adding an Extra Layer of Security
Two-factor authentication (2FA)
As you likely know, accounts secured only by a password can be easily hacked, especially if you use the same password for every account, use passwords that are easy to guess, or accidentally give this information away to a scammer. To cut down on these risks, two-factor authentication can add an extra layer of security. With 2FA, you sign in, and a code that you need to verify is sent to you via text or email. This has been the front runner for some time, but according to Scambusters.org, that is no longer your safest option.
Here's why:
Through a phishing scam (see our phishing resources for more information on this type of scam), a scammer gets you to enter your login credentials on a phony login page (using keylogging, that is, capturing the information you type remotely).
They then go to the real page you're trying to access, enter your login details, and the 2FA code is sent to you.
You enter the code, once again on the phony site (you were redirected there by the scammer), and it automatically goes to the scammer; they're now in your account, even with 2FA.
You could use an authenticator app (for example Google Authenticator), where the app is randomly generating 2FA codes for each service you use.
Or… What about using a password safe or password manager account?
These are programs that work like a vault for your passwords. You create an account and can store all your login credentials for all your online services in one place, where they're also encrypted.
When you want to sign into an online account, you enter the vault's password (Yay! Just remember one password!), and the vault on your computer adds the correct password to the account you're logging into.
Sounds pretty handy and easy to use, right? While the convenience of using these types of services may seem like a great solution, a scammer can still figure out the password to your vault, or worse, hack into it! Then trouble starts all over again, with all your accounts.
If you are thinking about a safe for your passwords, search for reviews about one or two that look good to you. A hint: new players are entering this field all the time. Some have good products, some have rotten ones.
And then there's a "physical security key" you physically use to get into your accounts.
You put this key in a USB port or connect it to your computer via Bluetooth. You then link the unique key to the account that you want to secure. After doing this, if you want to log in, the account asks for a password and the physical key.
The key has an authentication protocol that is unique to that key. Therefore, only the key that you have linked to your account can be used to log in. Because you have this key with you, a hacker cannot try to log into your account remotely.
But there's one downside: you can't use these physical keys in combination with your mobile device. And the keys are pretty small, so they're easy to lose. And—again—there are many different providers (some are good, some are not, so make sure to do proper research!). But this setup could potentially keep you safe.
So, let's cut to the chase: do you have to worry about this night and day?
No. You just need to set up a good system, and pay attention to it and to everything you do online.
Our Recommendation
Our recommendation if you want to set up a good system without researching for hours online:
We like the combination of biometrics (face and fingerprint) and a two-factor ID password. You'll probably worry a lot less using both of these approaches.
And speaking of worrying less, here's our easiest tip of the day: check your online accounts regularly. If you've been hacked anywhere, the sooner you find it, the better.
Here's to being a safer online surfer! Good luck out there!
Cheers, Will