Published in Magda On Cyber

What is Two-Factor Authentication and Why Everyone Needs it?

This article is for everyone: users who have social media accounts, users who have email accounts, and users who have online storage platforms.

It is for EVERYONE with an online presence.

Let us start with the fundamentals. When you log in to your email or social media account, you usually use your credentials:

  • A username: on a computer system, a username is a name that uniquely identifies someone. For example, a computer may be set up with several accounts, each with its own username. Many websites allow users to create an online account or customize their settings by selecting a username.
  • A password: a sequence of characters used to gain access to a computer device or service.

Traditionally, you — users — have been using just passwords to log in to your online accounts. That is not enough anymore to protect your accounts online.

First, your passwords, especially when they are eight (8) characters long or less, are easy to crack or hack. It requires less than 2 seconds to crack an alphanumerical password of 8 characters.

Source: BetterBuys

Second, passwords are reused across various platforms. You — users — use the same passwords again and again because it is easier to remember. The issue with password reuse is that when one platform is breached and your password is exposed, cybercriminals might take your password and try it on other platforms. For example, if your password on LinkedIn has been leaked, criminals might try the same password on your email or Facebook account.

A good proactive way to monitor your online accounts is using password managers. Often the password managers will let you know when you have been part of a breach.

Another way to verify if you have been part of a breach is to check on the website Have I Been Pwned: https://haveibeenpwned.com. The term “pwned” has video game roots and is a derivation of the word “owned.” “I was pwned in the Adobe data breach,” for example, is a phrase that implies that someone has been hacked.

Third, you — users — might use a simple, guessable password. The most common passwords for 2018 were:

  • 123456
  • password
  • 123456789
  • 12345678
  • 12345
  • 111111
  • 1234567
  • sunshine

Not all platforms online enforce password complexity, and not all platforms have the right security.

Now that I have explained the above, you must ensure that you practice suitable measures to protect your accounts online — all of your accounts. Below are a few things that you — users — must do now, not later, not tomorrow, not in a few days, but now!

Enable two-factor authentication on all of your online accounts

What is two-factor authentication or multi-factor authentication?

A computer user is given access to a website or application only after successfully submitting two or more pieces of evidence that it is the “real” user, for example, a password and a one-time passcode.

To verify a user’s identity, two-factor authentication (2FA) uses two factors. Multi-factor authentication (MFA) can use just two or three factors to authenticate a user. Any number of factors greater than one is referred to as “multi-factor.”

How do I enable two-factor authentication?

Here are the instructions for WhatsApp: https://faq.whatsapp.com/general/verification/how-to-manage-two-step-verification-settings/?lang=en

Here are the instructions for Google: https://support.google.com/accounts/answer/185839?co=GENIE.Platform%3DAndroid&hl=en

Here are the instructions for LinkedIn: https://www.linkedin.com/help/linkedin/answer/544/turn-two-step-verification-on-and-off?lang=en

Here are the instructions for Facebook: https://www.facebook.com/business/help/280940009201586

Here are the instructions for Yahoo: https://help.yahoo.com/kb/enable-disable-two-step-verification-sln5013.html

Here are the instructions for Twitter: https://help.twitter.com/en/managing-your-account/two-factor-authentication

According to Apple’s design, access to the iOS device requires physical possession of the device, and Touch ID or Face ID requires a PIN or passcode to be activated. Any reset or action that affects overall security, such as installing a software upgrade or enabling backups, requires the PIN or passcode. Thus, it is considered two-factor authentication. (This might be debatable from a cybersecurity perspective.)

Should I use SMS or a mobile application for the second factor?

SMS codes are not the most secure way to authenticate users. A few years ago, a vulnerability showed that cybercriminals might be able to steal the message content, or worse, take control of your phone number with what we call a SIM swap.

There are authenticator applications that allow you to configure a second authentication factor. Rather than receiving the code over SMS, you will see it in your mobile application. The most popular ones are:

Duo Mobile (Enterprise), Google Authenticator (Consumer) and Microsoft Authenticator (Consumer).

Lastly, remember that 100% security does not exist. However, you need to ensure that you do your part in securing your accounts. No one else will do it for you.

Who am I?

I am a keynote speaker, a serial entrepreneur and a senior cyber security expert. I am currently leading the cyber business for an international Fortune 500 insurance-broking firm in Asia.

I am a strong activist for women in security, and I founded the Women of Security Singapore Chapter (WoSEC), supporting female professionals in the industry.

I am a member of the Advisory Board for the Executive Summit at Black Hat Asia, and I am the co-founder of Responsible Cyber Pte. Ltd., a Singapore-based start-up with NUS Enterprise, the entrepreneurial arm of the National University of Singapore, and Singtel Innov8, the venture capital arm of the Singtel Group, as its shareholders. The company has been valued at 7 Million SGD in May 2020.

I have a PhD in Telecommunication Engineering issued by Telecom SudParis and speak 5 languages fluently.

My research topics have been focusing on Cyber Security, the future of localisation and positioning, education and more. My writings around cybersecurity have been featured by IEEE, RSA Conference, CYBERSEC, World Congress on Internet Security (WorldCIS-2016), CYBER RISK LEADERS Magazine, among others.

I speak about cybersecurity in general with a focus on cyber risk management, hacking and diversity and inclusion in the field.

I welcome you to watch some of my insights on Channel News Asia for a Documentary on the Dark Web (at approximately 18:09 min): https://www.channelnewsasia.com/news/video-on-demand/the-dark-web

Dr Magda CHELLY, CISSP, PhD

Cyberfeminist | Entrepreneur | Former CISO | PhD, CISSP, S-CISO | CoFounder @R3sp_Cyb3r | @womenoncyber | Documentary The Dark Web on @myCanal