Stolen personal or company information is a major modern-day issue. Identity theft affects well over 15 million victims per year. Without multi-factor authentication, your accounts are more vulnerable. Access to your personally identifiable information (PII) may allow someone to impersonate you or someone you know. Sadly, this could give the criminal time to open new accounts in your name. In worst cases, it could take years, stress and lots of expense to straighten out the mess.
The recent news of an Australian teen’s incursions into Apple servers over the course of a year has many concerned. Reportedly, no personal data was stolen. But this should remind us of what could have happened. If anything, this latest incident should convince more people to get serious about the security of their internet accounts.
Multi-factor authentication ensures that even if your account is compromised, you will be alerted automatically. Once notified, you can take action.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) establishes ways for you to verify your identity when accessing an account or making changes. There are 3 factors.
Knowledge Factor: Something unique that only you should know such as a password or a personal identification number (PIN). Challenge-response questions verify your identity. Do not use anything that appears in your account – for example, your birthday or zip code.
Possession Factor: Digital information that only you should have. This information comes to you via text or through an alternate email account. You would type the information into a waiting screen or click on a link to get there and have the information inserted automatically. Your code may also be on a wireless tag, a card reader or a USB token. Software code generators can provide random codes that expire over a period of time.
Inherent Factor: Physically belonging to you, often biometric. This includes fingerprints and face, voice or iris recognition. It is even possible to track how your keystrokes fall to verify you nowadays!
Of these, the first two are most commonly used. They are very easy to set up. You must do this BEFORE you suspect your account has been accessed by someone else. It is not uncommon for an identity thief to immediately establish ways to keep you locked out of your own account.
After this is completed, be prepared to verify your identity when accessing your banking, social media or other accounts. You may also receive notifications when a new browser, computer or device logs into your account.
Once you have MFA squared away, don’t stop there. Fortify account security by protecting your computer or device as well. If you are unsure if you have MFA already, start from the beginning…
Lock the front door and set some rules
Don’t build your security castle on shifting sand. Secure your computer or mobile device with an access code or password, and intrusion protection. You could think of it like locking a room in a house, but not the front door.
Malware is any malicious software that causes disruption on the machine. Viruses, trojans and worms are all forms of malware. Malware can steal or destroy information, hijack a system or browser, use up space, or track what you are typing (keyboard logging). Human-assisted programs called “ransomware” trick you with fake messages. You may receive a spam phone call from someone pretending to represent a company. Your machine will be attacked if you grant access. One typical message tells you that you have been hacked, then you receive instructions on how to pay a ransom.
Step one: password protection
Protect computers with login passwords and use screen lock even if you step away for a moment. Protect personal devices with lock screen codes. Secure your work machines. Check with your network administrator to find out how. If you bring your own device (BYOD) for work, this is critical. In this way, you protect sensitive internal communications and the data of your correspondence and clientele.
Step two: install system protection
Install system protection software. Antivirus, anti-malware and firewall programs establish rules of permission on your machine.
While there are many free versions of anti-malware programs for computers and devices, go for the the paid versions. The fully loaded edition will have all features, automated updates and best options for support. Visit PC Mag’s Best Malware Removal and Protection Software of 2018 to view a list of possibilities. For best protection, look for a suite that provides antivirus, malware and firewall protection.
Step three: turn on Multi-Factor Authentication
Many accounts include elements of MFA on setup, particularly those for government sites, banking and brokerage firms. Then, when you access your account from a new device or try to get into your account settings to make an update, something may come on the screen to ask you to verify yourself. You may also find that your cloud-based email service or social media account tries to guide you to set up verification information if it is not present. Do you find this annoying and intrusive? These additional settings are there to protect you. You should set up MFA when prompted.
First, log in to your account. Then, go to settings and find the privacy and security section. Next, find the place to add an alternate email address, phone number, and perhaps some challenge-response questions. IMPORTANT – once you have set this up, you will need to remember to update your account with any changes that may happen later such as changing your mobile phone number.
During setup, confirm the changes by accessing the email address or mobile phone you entered by clicking a link or typing a code. Finish up by authorizing the additional email address or phone number. When you log back into your account, you should see your changes reflected there. Congratulations! You have now taken an important step towards securing your personal information.
There is no 100 percent guaranteed protection against anything that exists or has yet to be developed. But there is a way to make yourself a harder target by setting up Multi-Factor Authentication. Please do it today.
Anita Davis is part of the GovLoop Featured Contributor program, where we feature articles by government voices from all across the country (and world!). To see more Featured Contributor posts, click here.