Lately, cyber security professionals have been promoting the use of Multifactor Authentication (also known as 2 Factor Authentication) with your online accounts. According to Microsoft, multifactor authentication (MFA) blocks 99.9% of automated attacks on user accounts.
MFA adds a layer of security to our traditional ID and
password method of gaining access to online accounts. Your ID and password is a
factor that tells the custodian of your account that you have a right to use
that account. This is something you know. But if someone else can find out your
ID and password they can also gain access to your account because they know
your ID and password. And if they are someone you do not want in your account, they
can cause a lot of mischief. What if that account is your bank account, credit
card account, or your email account?
According to some sources, there are over 15 billion
passwords for sale by cybercriminals on the dark web. And 81 % of breaches
leverage stolen or weak passwords.
MFA adds a second factor to authenticating you as you.
That factor can be something you have, such as your smartphone, or something
you are, such as your fingerprint or face.
With MFA, when you enter your ID and password, the custodian
of your account might send you a code via email, text message to your phone, or
an authenticator app on your phone. You enter the code as a second step when
you sign in. This way, you verify who you are with your phone which is in your
possession. Someone else cannot pose as you because they do not have your
phone. Even if they have your ID and password, they don’t have your phone. If
they do have your phone, it is important to lock your phone with a PIN, fingerprint,
or facial scan, so that someone else cannot use your phone.
Authenticator apps are considered the best way to use
MFA because they are the most secure method of authentication.
Security is often considered to add inconvenience to
our online lives. MFA is not necessarily adding inconvenience. You will use MFA
the first time that you sign onto an account. But as long as you are from the
same computer or device as when you started you won’t have to use MFA. You
might have to use MFA if you access the account from a different device, after
changing your password, or if you have not accessed the account for a long
time.
As Microsoft has noted, MFA blocks 99.9% of automated
attacks on accounts. That leaves some room for successful attacks. The National
Cybersecurity Alliance has seen instances where hackers have circumvented MFA
by seeking MFA approval multiple times and the owner approves the log-in out of
confusion or annoyance. There also have been instances of scammers contacting
victims and asking for access to a bank account for example and telling the victim
to give the scammer the MFA code. A good rule of thumb is to not to approve
access to your account if you did not log-in to the account.
Major software developers have tried to provide another
easy-to-use layer of security to protect your privacy and your sensitive
information. You will use MFA occasionally. But you have the confidence that
other people will not have access to your accounts.
National Cybersecurity Alliance:
ZDNET:
Tom’s Guide:
https://www.tomsguide.com/news/google-2fa-50-percent-reduction
South Snohomish County Crime Watch:
https://ssnoccrimewatch.blogspot.com/2022/02/multifactor-authentication-new-way-to.html
No comments:
Post a Comment