Photo Credit: Darwin Laganzon
Would you rather inconvenience yourself by taking a few seconds longer to log in with multi-factor authentication to your online accounts, which may hold sensitive data or special photos you have backed up, or take the convenient road and risk being hacked? And yes, it’s becoming easier to hack passwords.
Account Hacking
Microsoft shared research data on hacked user accounts and revealed the biggest reason why accounts get hacked, and it is something small and absurd. You may want to sit down for these numbers.
Microsoft pointed out that about 30 billion logins occur every day and that just 0.5% of those get hacked. So what is the big deal if only 0.5% gets hacked?
Taking into account that there are more than one billion active users using Microsoft accounts, it adds up to around 50 million getting hacked. Microsoft reported that in January alone, 1.2 million accounts were hacked. To put it into perspective, it’s about 85% of the population of South Africa.
Now you may ask yourself, am I at risk? Answer the following question quietly to yourself: do you use only a username and password to log into your online accounts? Or do you use more than one method to confirm that it’s really you signing in?
If you answered yes to the former, you may want to keep reading.
Multi-Factor Authentication
To make sure your accounts stay safe and only you can log in to them, you can activate multi-factor authentication or two-factor authentication. Most services have the option and will ask you when signing up whether you want to enable it. Don’t worry, you will be guided through the step-by-step setup in no time.
How does it work?
Two or more methods are used to verify that you own the account. Many accounts, especially with banks and investment firms, have this feature as a non-negotiable security measure.
Instead of giving you access to the account with just a username and password, a One Time Pin (OTP) or other authentication method is needed to successfully log in. If you enter your username and password correctly, you will be prompted to complete another authentication step. These multi-factor authentication methods come in different shapes.
OTP
As previously mentioned, the OTP is a pin, usually sent as an SMS to your cellphone. After you have logged in successfully, you need to enter the pin to gain access to your account.
Authenticator App
Another method is by using an authenticator app that generates a new code every few seconds. Google and Facebook use the Google Authenticator app to generate a six-digit code every 30 seconds.
You need to enter the code into the box before it expires or wait for a new one to be displayed. Five seconds before it expires the code flashes red to let you know it will expire soon.
The email address or username used for login is displayed just beneath the code. If you have more than one Google or Facebook account, you will be able to see which code is generated for which account.
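How an authenticator app arrives at the six-digit, 30-second code described above, shown as an added example that is not part of the original post. It assumes the app follows the standard TOTP scheme (RFC 6238 with HMAC-SHA1); the function names are this example's own, and the sample secret is the RFC's published test key, not a real account.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # a new code every 30 seconds, as described above
DIGITS = 6         # six-digit code

# Published RFC 6238 test key (ASCII "12345678901234567890"), base32-encoded
# the way a setup QR code carries it. Sample value only, not a real account.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None):
    """Code for the 30-second window containing Unix time `at` (default: now)."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    now = time.time() if at is None else at
    counter = struct.pack(">Q", int(now // STEP_SECONDS))
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def seconds_remaining(at=None):
    """Seconds until the current code expires and a new one replaces it."""
    now = time.time() if at is None else at
    return STEP_SECONDS - int(now % STEP_SECONDS)


def verify(secret_b32, submitted, at=None, drift_steps=1):
    """Server-side check: accept the current window plus small clock drift."""
    now = time.time() if at is None else at
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = now + step * STEP_SECONDS
        if t < 0:
            continue  # no window exists before the Unix epoch
        # Constant-time comparison so timing does not leak matching digits.
        ok |= hmac.compare_digest(totp(secret_b32, t).encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET), "expires in", seconds_remaining(), "s")
```

The code depends only on the shared secret and the clock, which is why the app works without a network connection and why a code stops being accepted shortly after it expires.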
Microsoft also uses an app. You may see an option to use passwordless sign-in. If you choose that option, you will not use a username and password to sign in, but approve it from your device, whether it be an iPhone, Apple Watch or Android device.
Email is another method, one you may know from registering an account with your email address. An email is sent to you to verify your email address to prove that you have access to it. Email is sometimes also used as a multi-factor authentication method.
Indication of an Account Breach
Multi-factor authentication can also give you a heads-up about a possible account breach. The moment your username and password successfully log in to an account with multi-factor authentication enabled, you will receive an email, SMS or a notification on your device with a pin or other instruction to complete the login.
If you didn’t initiate the log-in, you know that someone knows your username and password. If this happens, don’t panic. Your account cannot be accessed without the code or without you approving it. The next step is to immediately log in yourself and change the password to something completely different.
Closing
I’ll be honest. Multi-factor authentication can be a real inconvenience, but at the end of the day, I’d rather spend a few seconds longer to log in to an account than lose everything by wanting to save time.
If you have any questions about multi-factor authentication, please let me know in the comments and be on the lookout for more security tips in the near future.