Between high-profile attacks and a constant drip of new threats cropping up all over the place, talk about cybersecurity is at an all-time high. While it’s possible to take many complicated steps to secure and protect data, people often overlook a simple and effective method that is a fantastic first line of defense for your email.
Two-factor authentication (2FA), also commonly known as multi-factor authentication, makes your personal accounts more secure from individual intruders. Think of it like putting two locks on your front door. 2FA is essentially made up of two of these three items: something you know (e.g. a password), something you have (e.g. a smartphone) and something you are (e.g. a biometric such as a fingerprint). Two passwords don't count as 2FA, because both are something you know.
Historically, the problem was that if one password can be easily compromised, then a second one would be trivial to crack as well. For 2FA to be more secure, a random string of numbers or letters would need to be generated and delivered to the true email account holder. You might have seen those little tokens that generate random numbers, but one problem is they are small and easy to lose since they aren't something you already have on you at all times.
The best solution would be something you have on you at all times; something that you’d feel hopelessly lost without: your smartphone.
Your smartphone is tied to a number to which only you have access. That number can receive text or multimedia messages that can be used to implement secure two-factor authentication. Your email provider or service can have the system generate a unique string of numbers or letters that will be used only one time after inputting the first password. This is also known as a one-time password (OTP) and is sometimes a time-based one-time password (TOTP) that expires after a certain amount of time. Since only you should have your phone, this method is often secure.
The common complaint is that this method takes extra time to log in or is inconvenient. Truthfully, that kind of thinking is shortsighted, since losing access to your email after a hack would be much more inconvenient. In 2015, the threat and severity of compromised email systems are too great to ignore just because it takes 30 seconds or longer to log in.
2FA might sound scary to implement, but it's not. Most email systems have these features built in already, and the majority of implementation will be staff training. Ideally, most employees will have already heard about this from their personal email accounts, which promote this more secure method of logging in.
Partner, Hosting and Managed Services