Keeping track of multiple, strong passwords can be a real chore – especially if you have several emails, bank accounts, and other services to access on a daily basis. It’s not surprising that adding two-factor (2FA) or multi-factor authentication (MFA) can feel like an extra annoyance, regardless of whether you’re protecting sensitive files.
But you know what’s worse than a nuisance that lasts a few seconds? Well, we’ve actually rounded up several of them. First off, let’s look at the sheer number of ways hackers can steal your password(s).
Password Theft Is Evolving
Sure, 80% of passwords are still terrible according to a Verizon data breach report. The fact that people use weak passwords or re-use the same one across multiple accounts certainly helps make the job easier for hackers.
But besides that, computing power has also accelerated exponentially, making brute force attacks much stronger than even a few years ago. And when service providers have brute force protections in place, there’s always the following:
- Keylogging – the victim’s device is usually compromised by malware that logs keystrokes and sends them back to the cybercriminals, who inevitably find passwords and login information among the data they collect. Hardware keyloggers are also available, usually fitted to public computers, waiting for someone to log in real quick
- Phishing – hackers create pages that mimic legitimate services (banks, PayPal, etc.), then use email and other means to convince users that they need to “log in to update some information,” or similar trickery. Unwary victims end up handing over their account data on a silver platter
- Pharming – phishing on a wider scale, and without requiring a lure in the form of an email, SMS, and so on. Involves the use of malware to send victims to those fake websites instead
Data Breaches Happen More Often
It seems like you can’t wake up these days without hearing about some data breach affecting a major company – or an entire government. It’s estimated that over 4 billion records were exposed in the first half of 2019 alone.
The fact of the matter is that more companies and institutions than ever work with your personal data. It’s no longer a question of “if” but “when” yours gets out there as well. And unlike the methods described in the previous section, you don’t have much control over data breaches.
So now that you’ve seen just a few ways hackers can gain access to your accounts – what headaches can MFA help you avoid?
Rush to Reset
Let’s be honest here. Having to reset ALL your passwords because your email’s been compromised is probably the worst way you could spend your day. Even when the exposed account is something inessential (like the MyFitnessPal case) – if you happen to re-use passwords, hackers will use that to their advantage.
Of course, sitting around for hours, resetting passwords across services is actually a best case scenario. If you don’t manage to react in time, you end up in the following cases.
Waiting on Banks and Credit Companies
Have you ever had to deal with bank or credit card company paperwork? Employees passing you on to someone else, being put on hold multiple times – to many of you, this bureaucratic inefficiency will sound familiar.
Now, imagine you’re racing against the clock. A hacker managed to get a hold of your home banking info and your money’s all gone. You call your bank to report this activity, but you’re just met with a robotic voice telling you to wait, “someone will be with you shortly.”
Unfortunately, this happens more often than you’d think. In the UK, for example, seven out of the top 12 online banking services don’t even offer 2FA to their users – leaving them stuck in situations such as the one above.
Avoid Identity Theft
What’s worse than having all your money stolen? Cybercriminals using your personal information to commit fraud – tax, medical insurance, you name it. Not only can they leave you penniless, but they can also do great damage to your credit scores and your record in general.
That and getting the authorities involved (if recovery is still possible at that point) will leave you wasting time, money, and brain cells on something easily avoidable.
What You Can Do
We mentioned in the beginning that maintaining so many passwords for daily use can be a nightmare. According to a report, the average business employee has to keep track of a whopping 191 passwords. Any one of those can be the weak link that exposes the rest of them.
Fortunately, that process doesn’t need to be a pain. You can create and store strong, randomized passwords offline using KeePass – the gold standard for password managers.
The software is free and open-source (FOSS), meaning anybody online can take a peek at the code and see if it delivers on its promises of security. Tech experts can also provide feedback to patch up any vulnerability as soon as possible. Passwords are stored on your device in an encrypted form and kept away from online cloud storage as this would create another data breach point.
Is SMS 2FA Enough?
Now, the other thing you can do (if it wasn’t obvious already) is to enable text-based authentication on your main accounts, at the very least. The thing is, SMS 2FA is also vulnerable to certain attacks. One example is phone porting, where criminals impersonate you and switch your phone number to another carrier. Any authentication tokens you’d get are instead received by the criminal’s phone.
Still, it’s much better than no 2FA at all. A stronger method would be to use an authenticator app (such as Google Authenticator, Authy, etc.) that generates authentication codes on your phone instead of relying on texts.
If you want to go even further, there are hardware tokens that you can insert in your USB port (or tap against your phone) as a literal “authentication key.” A great way to secure your data and feel like James Bond doing it.
We hope you find this information helpful, and have started your plan for protecting your information. We recommend setting aside time to strategically organize your passwords and authentication methods – no need to frantically try to address all of this information, or you may miss something important. Take your time doing so, and you will be set up for success. For more in-depth information, and the best reads out there on reviews, tips and suggestions about online security, feel free to visit ProPrivacy.