How Two Factor Authentication Works
One of the biggest reasons that many people don’t opt into two-factor authentication willingly is because they don’t want the hassle of providing both factors. Who wants to dig out a usb dongle or get a code from their phone when they’ve already entered their password in properly? I know I certainly don’t (hence the fact I don’t always practice what I preach). But we’ve all heard about the Chase security breach, right? If not, read about it here. JPMorgan Chase tells customers it’s not necessary to change your password, though they won’t disclose who was affect and how much data was potentially stolen. So does that mean that passwords weren’t among the data in the breach? Not according to ZDNet. They report that Night Lion Security stated "if you have email addresses and you know which of JPMorgan’s services those email addresses are associated with (checking account, mortgage, credit card, etc), you can do a simple lookup against your database of five billion stolen username/password combos." Chase has not refuted this statement, instead saying that they don’t allow email addresses to be used as usernames, so this is not an issue and customers do not need to worry or change their passwords.
Of course, it seems to me that the real reason why Chase is not telling customers to worry is due to their two-factor authentication they require. Most Chase customers don’t even realize they are using it, because it’s not necessary every time you log in. It’s only necessary when you log in on a device you’ve never logged in from before. If the website does not recognize your device, you are prompted to choose how you’d like to receive your temporary authentication code: phone call, text message, or email … and what number or email address would you like it sent to. Of course, if your email or phones are compromised, then your bank account easily could be, too. But for those of us who use separate passwords for separate sites, and know our phones are safe and sound in our pockets or purses, even if my bank account password has been compromised, my account is still safe.
Keeping Your Accounts Secure
Using two-factor authentication is the absolute best way to ensure that your accounts - all of your accounts - are safe. The only safer option is to not have any online accounts to compromise. And since that isn’t really a viable option for anyone that doesn’t have great-grand children, two-factor authentication is the only way to go.
Keep in mind, to ensure that your security is complete, you need to enable two-factor authentication on everything that offers it. If your bank account uses two-factor authentication, but your email address - the email address used to verify your bank account - does not, it wouldn’t take long for a someone to access both your email, and then your bank account. Even if you use two-factor authentication and only allow the authentication to go to your phone, if you use a service like Google Voice to get your text messages and voicemails from a computer, and your associated google account does not use two-factor authentication, you’re leaving yourself vulnerable. In the end, when it comes to security - any security - it’s necessary to take every possible step to secure yourself. Doing anything short of everything you can invites disaster.
Why Security Is So Important
Aside from the obvious extreme life disrupting potential of having your accounts compromised, there is the potential for data loss. Generally, when your account is the one compromised, you won’t be the ones suffering viruses and malware that effectively locks your computer and causes you to lose data. No, if you are the one that is the victim of a hacker, you likely have bigger problems than one dead computer.
But if someone you know falls victim, you could find yourself an innocent (and unaware) bystander that because a casualty. One of the first things many hackers do when they gain access to an email account is send out mass emails to everyone you’ve ever emailed with an attachment that allows them to spread their reach. While these emails used to be easy to spot (badly worded by non-native english speakers, ludicrous schemes that are obviously ‘too-good-to-be-true’, etc), this is not the case anymore. Many of these type of emails look legitimate, and contain links or attachments that you would use because you trust the sender. Before you even have time to tell your friend that they have been hacked, you are compromised as well - or even worse, your computer is dead and your data is lost.
Take the extra time to ensure that you are using two-factor authentication for all your accounts, and encourage your friends and family to do the same. If needed, take the time to help your loved ones get it set up on all their accounts; it will take a lot less time to get them secure than it would to clean up the damage if their account is compromised.
If the worst happens, and you do end up losing data due to a compromised account, give us a call. We can help you recover your data, even if it is lost due to a virus. We can’t help you reset all your passwords or protect your identity, but we can ensure that you don’t lose valuable files on top of everything else. If you’ve lost data, don’t wait, call us today!