A dry topic to kick off the year, but one that is very important to those of you who have embraced cloud-based services, whether for personal or business use.
Have you ever considered what would happen if someone were to gain access to your Facebook account? How about Twitter? Now consider what happens if someone gains access to your email… You know, the one that you use for every service that you sign up for? Suddenly an attacker can reset your password for most of your online services and get the password reset notification to that compromised email account.
It might sound a little scary, but the reality is this happens every single day around the world.
The good news is that most of your favourite cloud services have steps that you can follow to minimise the risk by utilising two-factor authentication. Some have it turned on by default… So what is it?
You may have noticed that when you sign up to certain services they ask you to enter your mobile number and then require you to enter a code that you receive via SMS – that’s two-factor authentication. To log into a service, you need to enter something you know (your username and password) and something you have (the code you just received on your mobile phone). This is of course a simplification, but it does demonstrate how an attacker would need to take extra steps to break into a service – they need to compromise your email as well as your mobile phone.
Sure, it might be inconvenient to have to grab your phone when you want to log into a service, but consider the effect on someone trying to compromise your account… Their job just got a whole lot harder (not impossible, just harder).
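For readers curious about what the service does behind the scenes, here is a sketch of a login that checks both factors. It is an added example, not code from any of the services mentioned in this post; the `LoginService` class, the `send_sms` callback, the five-minute code lifetime and the three-guess limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a texted code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:
    """Hypothetical one-account service; send_sms stands in for an SMS gateway."""

    def __init__(self, username, password, send_sms):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.send_sms = send_sms
        self.pending = None  # [code, expires_at, attempts_left] once factor 1 passes

    def start_login(self, username, password, now=None):
        """Factor 1, something you know. On success a fresh code is texted."""
        now = time.time() if now is None else now
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        if username != self.username or not pw_ok:
            return False
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self.pending = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.send_sms(code)
        return True

    def finish_login(self, code, now=None):
        """Factor 2, something you have. Codes expire and work only once."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False  # nobody has passed factor 1
        expected, expires_at, attempts_left = self.pending
        if now > expires_at or attempts_left <= 0:
            self.pending = None  # expired or guessed too often: start over
            return False
        if hmac.compare_digest(code.encode(), expected.encode()):
            self.pending = None  # single use
            return True
        self.pending[2] -= 1
        return False
```

Someone who knows only the password gets through `start_login` but is stopped at `finish_login`, because the code went to the account owner's phone and a handful of guesses against a million possibilities runs out quickly.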
The great news is most popular services have options to enable this, and many enable it by default. Here are just a few links to get you started:
- Google (Gmail, Google Drive, YouTube, etc): https://www.google.com.au/landing/2step/
- Facebook: https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920/
- Microsoft Accounts (Outlook, Windows, etc): http://windows.microsoft.com/en-au/windows/two-step-verification-faq
- Twitter: https://blog.twitter.com/2013/getting-started-with-login-verification
- Amazon: https://www.amazon.com/gp/help/customer/display.html?nodeId=201596330
- LinkedIn: http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/
So why not protect yourself and enable two-factor authentication on your most important personal and business accounts? It’s not a magic bullet, but it does give you a little extra peace of mind that you’re taking the right steps to help protect yourself online.