Multifactor yourself!


Have your credentials been hacked and dumped into haveibeenpwned?

Do you use one of the worst 2018 passwords?

Is your bank account password the same as the one you used for that old website you registered on years ago?

Password theft is on the rise

You have surely read the news: 773 million passwords hacked and made public under the name Collection#1, followed by Collection#2-5 with 2.2 billion passwords.
And this is just one example among the 54,700,000 results Google shows if you search for “password data breach”. Data breaches here, there and everywhere…


Conclusion? Cybersecurity is increasingly important, and passwords on their own are WEAK nowadays. Even if you have a good password, full of ampersands and asterisks, on its own it is still VERY WEAK.

The solution is multi-factor authentication

According to Wikipedia: “Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).”

Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.
The most common example of 2FA (which you have almost certainly used already) is a password plus a code received by SMS on your phone.
Here is a visual explanation (image: the token received on the phone):

With this simple method, since the “hacker” who stole your password does not have access to your phone, they cannot get into your account, which greatly improves its security with very little effort.
Most popular applications nowadays support this method (e.g. Google, Facebook, Instagram).
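A minimal server-side version of the flow just described (password check, then a one-time code like the one sent by SMS), written as an added example that is not part of the original post. The in-memory user table, the 6-digit code, the two-minute expiry and the three-attempt limit are assumptions chosen for the example; the point it makes is that a stolen password alone never passes `login`, and that a code is single-use, expiring and rate-limited.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory "user database" (an assumption, not from the original post):
# username -> (salt, PBKDF2 hash of the password).
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}

CODE_TTL_SECONDS = 120   # the one-time code expires after two minutes (assumed)
MAX_ATTEMPTS = 3         # and is invalidated after three wrong guesses (assumed)
PENDING = {}             # username -> {"code", "expires", "attempts"}

def check_password(username: str, password: str) -> bool:
    """Factor 1 (knowledge): recompute the hash and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)

def issue_code(username: str, now=None) -> str:
    """Factor 2 (possession): the 6-digit code that would be sent to the phone."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = {"code": code, "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    return code

def check_code(username: str, code: str, now=None) -> bool:
    """Accept the code once only, before expiry and within the attempt budget."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None or now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        PENDING.pop(username, None)
        return False
    entry["attempts"] += 1
    if not hmac.compare_digest(entry["code"], code):
        return False
    del PENDING[username]   # single use: a replayed code is rejected
    return True

def login(username: str, password: str, code: str, now=None) -> bool:
    """Both factors must pass, so a stolen password alone does not open the account."""
    return check_password(username, password) and check_code(username, code, now)
```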
P.S. Let me remind you that passwords still have to be strong, so that hackers cannot easily steal all of your data! Remember:

  • Long passwords
  • Complex passwords (capitals, numbers, symbols)
  • Passwords not related to your name, birthday, pet’s name etc.
  • Change your passwords frequently (90 days as a recommendation)
  • Do not repeat your passwords
  • DO NOT WRITE DOWN YOUR PASSWORD ON A POST-IT PLEASE!!

____

Author: Guillermo Sanchez

