Cyber Security Month Tech Tip #5
Welcome and hello Digital Citizens. Once again I hope you all are having a great and safe Cyber Security Awareness Month (#cybersecuritymonth). Throughout the entire month of October you will see different people and organizations on the Internet share tips that will help people think a little more about protecting the digital identity, information, location of themselves as well as their friends and family. Many users of the Internet don't realize how easy it is to give away too much information about themselves. So October was picked to show people how to use the Internet more carefully. And I've decided to share a couple of tips I've picked up to pass along.
More Than Just A Password (2 Factor Authentication)
It goes without saying that if you are use to computer systems you know what a password is. If you have used an iPad, smart phone, laptop or email system you have had to use a password to enter any of those systems (and hopefully you are using a strong complex password). But in a world of phishing schemes and systems break-ins it is very possible that your password can fall into the hands of “the bad guys” even if you don't do anything wrong. And someone with your password can enter your system most times without you knowing and take your data as well as impersonate you online. So it is helpful to have an extra layer of protection for your systems along with your password. Enter 2 Factor Authentication.
2 Factor Authentication (2FA) is an extra layer of security that you have to proved to a computer system to prove you are in fact you. The general idea is that along with your username and password which can fall into the hands of anyone in the world, a second form of identity that you and only you have on your person is used to prove to the computer system in question that you are you. That way even if Web Service Awesome is broken into and your password is unencrypted it is almost useless because they will be asked for an additional form of information before it give anyone access to your account.
Some common forms of 2FA include an app that generates semi random codes on your phone that you can enter into a system (Authy), a physical device that generates codes instead of your phone (RSA Token) and (YubiKey), or a system when messages are sent to a mobile device you register to confirm your are trying to log into a system (Google Prompt) (Google Second Step). Most major systems like your email, social networks, banks, and even ride sharing services accept 2FA to protect your account and personal information. One older form of 2FA involved using SMS text messages to send codes to your phone. Due to the lack of encryption and security on SMS it is usually recommend to avoid this option whenever possible.
2FA should be used on all your major accounts. The ones that you use the most. Like your bank, your primary email, and your primary social networking account. usually if any of these account fall into enemy hands they can be use to gain access to other accounts. So you want your first line of defense to be your strongest. Start slow though. I wish 2nd Factor was as easy as it sounds. But there is information associated with your keys and tokens they you need to keep in safe places so in case of an emergency you can regain access to your account. If you don't you may loose access forever. Sound scary but with proper precautions it is very hard to do. Just be careful all #cybersecuritymonth and beyond. And remember or pass along any helpful security tips you all October.
References