2FA – Do it and sleep better



2FA.  It sounds like either some gaming group or military acronym however it is not. It stands for 2 Factor Authentication, and it’s what may save you from being hacked.

Recently MySpace and not too long before that LinkedIn were hacked; the hackers obtained the usernames, email addresses and passwords of millions of users.  Since many people use the same password for multiple accounts, the hackers have begun to try other web accounts with the same email address and password.

As you can surmise this has lead to individuals having multiple other accounts hacked. My first obvious suggestion here is never use the same password twice. But let’s get back to how 2FA fits into all of this.

For accounts that have 2FA enabled, after you (or a hacker) enter your username and password to login a new dialog box appears asking for the numeric code that was just sent to your cell phone.  If you do not enter the code (completing the second step, hence the name 2 Factor Authentication) you cannot login to this account; and neither can a hacker in another country.

Many popular email services and financial institutions provide this service, such as Google, Apple, Microsoft, eBay, PayPal, Chase, and Bank of America to name a few.  I strongly suggest if you do not already have 2FA enabled on your accounts you should do so forthwith.

If you are not sure a web service that you use has 2FA you can check here at: https://twofactorauth.org/  

Do yourself a favor and stay a step ahead of the bad guys.  Your future self will thank you.


Edit 6/7/16 – Related –

TeamViewer confirms number of abused user accounts is “significant”

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

Full Article – http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-evidence-of-2fa-bypass-in-mass-account-hack/

Leave a Reply

search previous next tag category expand menu location phone mail time cart zoom edit close