Where is this coming from?

I met somebody earlier this week who had been in one of my training sessions earlier this year. They had been going on about the changes they had made as result of that training course. The main one he was delighted with was the use of an authenticator app for multi-factor authentication or two factor authentication.

He had put this on, on many of his accounts and he was delighted with it. Because when he had checked his email addresses on www.HaveIBeenPwned.com he found that he had been in a number of data breaches and that his passwords had been exposed in those data breaches. So he made absolutely certain put on multi-factor authentication on those accounts.

That sounds like a good course of action

Then I asked him “and you changed your passwords. Right?”

He said “No. No. I can never remember … I always forget my passwords when I change them. So I use the same password all the time. But now the accounts are fully protected sure with the MFA.”

What is wrong with that?

But I was explaining to him that if he continued to use the same password, that has been included in a data breach, then this is going to be in the public domain and criminals are going to be using that password to try and break into any other accounts that he might have, that he might not have protected with MFA.

So poor passwords and MFA is not a good idea

So really he needed to go and make an investment and get himself a password manager and I reiterated that and I will always keep saying you should use a password manager to generate unique long strong passwords for every single account that you have online. Let the password manager remember them. That’s it’s job.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 090 Poor Passwords and MFA appeared first on L2 Cyber Security Solutions.

Before we get into multi-factor, let’s talk about single-factor. What is that?

What is Single-Factor Authentication

When you go to sign into some application or your email or LinkedIn, you type in your user ID and password and you get in. That is a single factor authentication. Your password is the one and only factor that’s used. So if the bad guys get your password by some nefarious means, by looking over your shoulder or compromising your password in some other way, once they have that, they are able to sign in as you.

What is Multi-Factor Authentication

But with multi-factor, you’re adding a second or another factor to authenticate you and prevent the bad guys from getting in. So we’ll cover off three types:

1 – SMS Text Message

The first type is using an SMS text message. So in this situation, you type in your user ID and password and you’ll get the service or application that you’re signing into to send you a text message with a six-digit code that you enter on the website to get in and that’s your second factor or multi-factor.

2 – Code Generator

The second type is using a code generator app on your phone or through a little hardware key that generates a 6 digit code for you and the same thing, user ID, password and then you get the code from your app to sign in.

3 – Security Key

And third, the most secure of all is using a security key. So these are little dongles that you plug into your laptop or into your phone. And when you get to have to authenticate to a service or application, you press the button on the security key and that authenticates you and then you’re in. So that’s multi-factor authentication.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

www.L2CyberSecurity.com

www.twitter.com/L2Cyber

The post #WeekendWisdom 017 Multi-Factor Authentication appeared first on L2 Cyber Security Solutions.