Reviews, comparisons, and opinions about the latest technology products, services, trends and anything of interest to the thick glasses crowd!
Cybersecurity Awareness Tip 6: Use Multi-Factor Authentication
Cybersecurity Awareness Tip 6: Use multi-factor authentication when available and require it for email, phone, and financial accounts, but beware of security questions.
Authentication happens when you provide evidence to identify yourself. This happens when you board a plane, pay your taxes, open a locked door, withdraw money from a bank, or vote (at least in some states). Evidence can come in several forms, or factors, including:
Something you know, or a knowledge factor (e.g. a password, PIN, birthdate, mother's married name, answers to security question)
Something you have, or a possession factor, (e.g. a passport, driver's license, SSN card, ATM card, key, one-time password generator device, Universal 2nd Factor / U2F device)
Something you are, or a physical inherence factor (e.g. finger/eye/face/voice print, DNA)
Somewhere you are, or a location factor (e.g. in a building / room that requires secure access, in a specific geographical location)
For many years, a single piece of evidence (a single factor) was sufficient for identification. But criminals found ways to provide false identification. As technology advanced and online activity grew, cybercriminals found ways to circumvent the online single factor: passwords. Some debated whether passphrases with 4 or more random words (e.g. correct horse battery staple") are more secure than passwords because they are harder to guess and easier to remember. Others suggested resisting password reset questions - or answering them with lies. Since passwords and other knowledge factors will never go away, use a password manager and unique passwords.
Two Factors are Better Than One
Requiring more than one factor made false identification significantly more difficult because it requires the criminal to have access to all required factors. For example, having an ATM card (first factor) without knowing the PIN (2nd factor) makes the ATM card a worthless piece of plastic.
Can You Take That to the Bank?
Many banks and online accounts use a combination of password and a temporary PIN provided by test message, phone call or email. Although this is more secure than a password itself, criminals can intercept the temporary PIN, changing it from something you have (e.g. the phone that received the text message) to something else you know (the intercepted PIN). Different types of evidence is more secure than multiple pieces of the same type of evidence.
Disconnected Possession
Using a One-Time Password (OTP) app such as Authy on your mobile device enhances security because it requires physical access to your phone either with yet another phone password or PIN or with a biometric factor (e.g. fingerprint or facial recognition). The OTP app generates a "random" code using an agreed method that is synchronized between the app and the system requesting identity confirmation.
Hey, Let's Get Mikey to Try U2F!
Since the OTP app is software, it could still be hacked. Hardware-based authentication, such as a Universal 2nd Factor (U2F) security key, enables even more secure authentication by being physically connected (e.g. via USB) or by being in very close proximity (e.g. via NFC / Near Field Communication). USB and NFC are widely available on smart phones, tablets, laptops, desktops and more.
What's In Your Online Wallet?
So check out the multi-factor authentication options for your email, phone, and financial accounts, and protect your online wallet today.
Posted by:
kguske on Tuesday, October 05, 2021 @ 23:27:52 CDT
Related
