Understanding Multi Factor Authentication and the Internet of Things

A Multi-Factor Authentication How-to-Guide

Simple tips to secure it.

Have you noticed how often security breaches, stolen data, and identity theft make front-page news these days? Perhaps you, or someone you know, has been a victim of cyber criminals who stole personal information, banking credentials, or more. As these incidents become more prevalent, consider using multi-factor authentication, also called strong authentication or two-factor authentication. This technology may already be familiar to you, as many banking and financial institutions require both a password and one of the following to log in: a call, email, or text containing a code. By applying these principles of verification to more of your personal accounts, such as email, social media, and more, you can better secure your information and identity online.

What it is.

Multifactor authentication (MFA) is defined as a security process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information that uniquely identify that person.

How it works.

There are three categories of credentials: something you either know, have, or are. Here are some examples in each category.

To gain access, your credentials must come from at least two different categories. One of the most common methods is to log in using your user name and password. A unique one-time code is then generated and sent to your phone or email, and you enter it within the allotted amount of time. This unique code is the second factor.
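The flow described above, seen from the service's side, as an added example that is not part of the original guide. The class name, the 300-second window, the three-guess limit and the six-digit code length are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300   # assumed "allotted amount of time", in seconds
MAX_TRIES = 3    # assumed limit on wrong guesses per code

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoStepLogin:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}    # username -> (salt, password hash)
        self._pending = {}  # username -> [code, expires_at, tries_left]

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _pw_hash(password, salt))

    def start(self, username, password):
        """Factor 1, something you know. Returns the code to send, or None."""
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, self._clock() + CODE_TTL, MAX_TRIES]
        return code  # delivered out of band: text, call or email

    def finish(self, username, submitted):
        """Factor 2, something you have: the one-time code."""
        entry = self._pending.get(username)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return "expired"
        if hmac.compare_digest(submitted.encode(), code.encode()):
            del self._pending[username]  # a code works only once
            return "ok"
        entry[2] -= 1
        if entry[2] == 0:
            del self._pending[username]  # too many guesses: discard the code
            return "locked"
        return "wrong_code"
```

A stolen password alone gets no further than `start`: without the code, `finish` never returns `"ok"`, and a leaked code stops working once it is used, expires, or is guessed at too often.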

When should it be used?

MFA should be used to add an additional layer of security around sites containing sensitive information, or whenever enhanced security is desirable. MFA makes it more difficult for unauthorized people to log in as the account holder. According to the National Institute of Standards and Technology (NIST), MFA should be used whenever possible, especially when it comes to your most sensitive data—like your primary email, financial accounts, and health records. Some organizations will require you to use MFA; with others it is optional. If you have the option to enable it, you should take the initiative to do so to protect your data and your identity.

Activate MFA on your accounts right away!

To learn how to activate MFA on your accounts, head to the Lock Down Your Login site, which provides instructions on how to apply this stronger form of security to many common websites and software products you may use. If any of your accounts are not listed on that resource site, look at your account settings or user profile and check whether MFA is an available option. If you see it there, consider implementing it right away.

User names and passwords are no longer sufficient to protect accounts with sensitive information. By using multifactor authentication, you can protect these accounts and reduce the risk of online fraud and identity theft. Consider also activating this feature on your social media accounts.

The Internet of Things

Internet of Things (IoT) or smart devices refers to any object or device that is connected to the Internet. This rapidly expanding set of “things,” which can send and receive data, includes cars, appliances, smart watches, lighting, home assistants, home security, and more. #BeCyberSmart to connect with confidence and protect your interconnected world.

Why should we care?

  • Cars, appliances, wearables, lighting, health care, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples include devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and tools that track eating, sleeping, and exercise habits.
  • New Internet-connected devices provide a level of convenience in our lives, but they require that we share more information than ever.
  • The security of this information, and the security of these devices, is not always guaranteed. Once your device connects to the Internet, you and your device could potentially be vulnerable to all sorts of risks.
  • With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.

Simple tips to own it.

  • Shake up your password protocol. Change your device’s factory security settings from the default password. This is one of the most important steps to take in the protection of IoT devices. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and create a unique password for your IoT devices.
  • Keep tabs on your apps. Many connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
  • Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices. Consider placing these devices on a separate and dedicated network.
  • If you connect, you must protect. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on.

Resource Links:

https://niccs.us-cert.gov/sites/default/files/documents/pdf/ncsam_howtoguidemfa_508.pdf?trackDocs=ncsam_howtoguidemfa_508.pdf

https://niccs.us-cert.gov/sites/default/files/documents/pdf/ncsam_internetofthings_508.pdf?trackDocs=ncsam_internetofthings_508.pdf

https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019