In the early days of using the internet, we were able to create online accounts with the password ‘Qwerty123’ and sit back, assured that we had been a good security-minded citizen.
This is certainly not the case anymore.
How passwords and authentication work
A single security password is referred to as one ‘factor’ authentication – the ‘what you know’ factor. This leaves the account incredibly vulnerable to attack – particularly where weak passwords, password reuse, and old passwords are concerned because if this sole factor becomes known to others, the account is compromised (along with any others using the same login details).
Did you know that more than 99.9 percent of Microsoft enterprise accounts that got hacked by attackers didn't use multi-factor authentication?
For this reason, many banks and financial providers now use what’s called two-factor or multi-factor authentication to protect customers’ details.
Two-factor authentication adds a ‘what you have’ factor – and you’ll likely be familiar with this from your online banking, where you have a one-time code sent to your phone or another device.
Combining ‘what you know’ (a password or PIN) with ‘what you have’ (a code sent to your phone or a code from a card reader or security token) drastically reduces the chance of your account being accessed by a cybercriminal.
NEVER to reveal those codes to a third party, since this is almost the only way a cybercriminal would be able to get into an account protected by two-factor or multi-factor authentication.
Multi-factor authentication combines additional layers of authentication, using the principle of ‘what you are’, which brings in elements such as biometrics – an eye scan, fingerprint, your voice, even a sound recording of your local environment on a laptop to match it with that on your phone.
How can I set this up?
The National Cyber Security Centre has created a quick guide to setting up multi-factor authentication on some of the more popular platforms. By setting aside half an hour today to review the security settings on your online accounts you could reduce your chance of having your account hacked by 99.9%.