If you use Multi-Factor Authentication (MFA) for your business systems, then you know that it can give you a lot of peace of mind when protecting logins and other credentials. It’s also the right choice for personal security, but some people find it too much of a burden when they’re on the go. In today’s post, we’ll give you some strong reasons to do an audit of your personal security and authentication routines. But just like cleaning your workstation, it’s a process that you should regularly check up on.
1. Security and Convenience
Login and password combinations are good for making something a little less public, but shouldn’t be relied on for storing very sensitive information. MFA was somewhat widely adopted as a solution to all of the hacking tricks of the past: when someone attempts to log on with your login and password, you get an email or text message asking you to confirm that it’s you.
When MFA first became popular, it was kind of clunky to use on a mobile device. However, today’s mobile operating systems are good at handling app switching and notifications in a way that makes push notifications or responding to an email a convenient way of gaining much more security for your personal data. It’s much more convenient to set up Duo, Microsoft, or another MFA provider than having to do damage control after a data breach.
2. Modern Password Managers Work
It’s easy to dismiss login and password as a flawed form of authentication, but they’re still a key component of most secure authentication. The problem with our old style of password is that it needed to be human-memorable—something that we type in at a prompt from memory. Modern password managers make that process far more secure by taking our memory out of the equation, and replacing it with a vault. Pairing a top-of-the-line password manager with MFA is some of the best security you can have, since it requires attackers to successfully infiltrate multiple surfaces with different requirements (which greatly increases the needed complexity).
They can also have cool features like shared passwords (sharing a password between family members for a streaming service), and the ever-more-important dark web monitoring service. Dark web monitoring services look at what’s available in cybercriminal marketplaces to assess whether or not your passwords are compromised. That way, if one appears on a list of stolen credentials, you can use your password manager to generate a new one.
Using a service like LastPass, 1Password, or Bitwarden, you can store many more complex passwords than an average person can memorize, and they can all be unique to each site or service you use. The complexity is to make it harder for attackers to guess your passwords; the uniqueness is to quarantine any threats that get one of your logins.
3. One Hack Leads to Another
Without unique passwords for each of your accounts across the internet, one leaked credential can be the key to all of your other logins. If you use the same password for any two services, a breach at one compromises the other. Attackers typically try to use your passwords for every known login that you use, to determine what else they can do with your compromised services. If they’re in your email, they may be able to reset other logins when that address is used to confirm password changes with another service.
Services that don’t offer MFA are more susceptible to break-ins, especially social networking sites. If a hacker gets your social media login information, then they get access to all of the information you have in that platform, including your contacts and direct messages.
Your data being compromised is a big deal, not just for you, but for everyone in your social and professional circles. If your email account is compromised, the attacker doesn’t just take valuable information or steal funds from your accounts (which they definitely would like to do), but assumes your identity for further attacks. If they can impersonate you in an email, then they can victimize your friends and family by asking for personal or compromising details from them as well. The more someone trusts you, the more information an attacker that’s posing as you can pry away from them.
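The chaining described in this section can be audited against your own account list. The following Python script is an added example, not part of the original post: it reads a password-vault export and reports which passwords are reused and how far a breach at any one service would spread, through shared passwords and through a mailbox that other accounts use for password resets. The column names and the sample rows are constructed for this example and do not match any particular password manager's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. Column names are assumptions for this example:
# mailbox_for = address this account is the inbox for (blank if not email),
# recovery_email = address the service uses to confirm password resets.
SAMPLE_EXPORT = """name,password,mailbox_for,recovery_email
Email,Tr0ub4dor&3,me@example.com,
Streaming,Tr0ub4dor&3,,me@example.com
Bank,x9!Lq#72vPzw,,me@example.com
Forum,hunter2,,other@example.net
Social,hunter2,,me@example.com
"""

def load(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(entries):
    """Return groups of account names that share one password."""
    by_pw = defaultdict(list)
    for e in entries:
        by_pw[e["password"]].append(e["name"])
    return sorted(sorted(g) for g in by_pw.values() if len(g) > 1)

def blast_radius(entries, breached):
    """Accounts exposed if `breached` leaks, followed transitively via
    (a) the same password and (b) resets sent to an exposed mailbox."""
    by_name = {e["name"]: e for e in entries}
    exposed, queue = {breached}, [breached]
    while queue:
        cur = by_name[queue.pop()]
        for e in entries:
            same_pw = e["password"] == cur["password"]
            reset_via = cur["mailbox_for"] and e["recovery_email"] == cur["mailbox_for"]
            if (same_pw or reset_via) and e["name"] not in exposed:
                exposed.add(e["name"])
                queue.append(e["name"])
    return sorted(exposed)

if __name__ == "__main__":
    vault = load(SAMPLE_EXPORT)
    print("Reused passwords:", reuse_groups(vault))
    for e in vault:
        print(e["name"], "->", blast_radius(vault, e["name"]))
```

In the sample, a leak at the streaming service reaches every account because its password also opens the mailbox, while the bank account with its unique password exposes only itself.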
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team