Two-factor authentication

Don’t want your accounts hacked? Google says two-factor authentication is your best bet

If getting your online accounts hacked (email, social media, financial accounts, etc.) keeps you up at night, or worries you at least a bit, there’s a bit of good news for users and businesses alike!

The war against cybercriminals may never be won, but a year-long study conducted by Google with New York University and the University of California, San Diego shows promising results on the effectiveness of two-step and two-factor authentication in preventing online account hijacking.

The Bottom Line: Simple Two-Factor Authentication Goes a Long Way

Google’s research shows that having a text message sent to your phone with a one-time-use code to verify your identity can prevent up to 100% of automated bot attacks and 96% of bulk phishing attacks (more about what this means below).

The news is even better for authenticator apps (applications installed on your smartphone that prompt you for authorization when there’s an attempt to access your account), which prevent 100% of automated bot attacks and 99% of bulk phishing attacks.

Security keys (physical USB devices you must plug into your computer to gain access to an account) are currently the most secure way of preventing account hijacking.

Keep in mind that two-factor authentication might be an effective method against hacking, but it must be used in conjunction with other protections like good and unique passwords, password managers and awareness of what phishing email attacks look like.

What is account hijacking?

Simply put, account hijacking or takeover happens when a cybercriminal gains unauthorized access to your accounts and uses them to “retrieve the person’s personal information, perform financial transactions, create new accounts, and ask the account owner’s contacts for money or help with an illegitimate activity” (Techopedia).

Can you explain automated bot and phishing attacks?

Billions of user names and passwords are available and cheaply sold on the black market every day. Since hackers can’t try passwords one-by-one, they use automated tools (called bots) that allow them to cast a wide net and attempt to access millions of accounts simultaneously.

Phishing attacks are those fake emails we receive on a daily basis that appear to come from legitimate and trustworthy sources (a bank, Facebook, Office 365, etc.) and that trick us into taking a specific action, like clicking on a link, downloading an attachment, or entering user names and passwords on a website. Once a user falls for the trick, scammers usually gain access to accounts and are able to take over.

What does this mean for the average user? No Excuses

  • Turn on two-factor authentication (2FA) on all accounts that support it, especially sensitive ones like financial institutions, email, social media and data storage
  • While text message-based 2FA provides decent basic protection, consider using an authenticator app wherever possible
  • 2FA is a must for business-related accounts including (and especially) email
  • If you need help setting up 2FA on your accounts, go to TwoFactor.Org for step-by-step instructions
  • Unique and complex passwords are still a much-needed layer of basic protection against hackers. To make life easier, sign up for a password manager service like LastPass or Dashlane (they both have a free option) to securely store and generate passwords

 

Envision Consulting

We started Envision Consulting for businesses that share our passion for building long-term and healthy relationships. While we might be technology experts, we’ve always known that trust, reliability and looking after a client’s best interest are paramount to succeeding in business. But in 2001 and to this day, there were few managed IT providers available that embodied our customer-centric values. There were countless support companies more interested in reacting to issues than paving the road forward for clients, making it far too difficult to build long-term relationships. We felt a strong pull to make something different, and we did.