Are you tired of cyber-security?  Do this, patch that, change passwords, recover passwords… the reality is that people are becoming so tired of security that they are either giving up entirely, or they are falling back on bad habits.  This article outlines a free tool that will improve your security, reduce your stress, and free up enough time to enable enhanced authentication on your most valuable online accounts! Let’s look at the current state of authentication today and the problems we all face.

What’s Authentication and Why is it Important?

The theft of millions of online user accounts and passwords is no surprise to most people. Yahoo recently publicized the theft of more than 500 million user accounts. Earlier this year LinkedIn, Myspace, and Dropbox each announced similar large breaches. What makes these breaches so damaging is that so many people reuse the same passwords across all their online accounts. Stolen passwords put all your online accounts at critical risk because hackers know you reuse your passwords across all your online accounts! Once a hacker sees your username and password, they immediately try logging into your critical online accounts such as email and banking. Once into your email account, hackers have breached one of the most critical accounts you have. Your email account can now be used to reset passwords at many of your other website accounts simply by requesting a password recovery email! Additionally, email accounts are a treasure trove of social engineering material to attack the friends and family of the compromised account owner!

All of these attacks have one thing at their core – they all start with authentication. As a security concept, authentication is the process of comparing the credentials you manually type into a website with the credentials stored in that website’s database (often stored unencrypted). If they match, you get in. Unfortunately, when you reuse credentials, or even when you change the last numbers on your password from, say, “ILovecookies99” to “ILovecookies100”, hackers know to try logging into your banking and webmail sites using passwords of “ILovecookies01” …02, …03 all the way through to “ILovecookies99999”.

Download and Learn a Password Manager to Ease Your Burden

As recommended by SANS Securing the Human, and numerous security professionals, including yours truly, every password we use must be unique at every site we visit online. This is easily accomplished using free (for personal use) and highly efficient password managers including Dashlane and LastPass. Modern password managers synchronize all your accounts between smartphones, laptops, and tablets alike. Now, is a password manager truly foolproof? No. Is it a necessary first step? Absolutely, yes! However, for your truly critical high-value online accounts (banking and webmail) you need to enable an authentication method called Multi-Factor Authentication (“MFA”).

MFA Can Prevent Critical Accounts from Compromise

Multi-Factor Authentication (“MFA”) is the use of more than one authentication factor to access an account. Typically, for online accounts, this is a password (knowledge question) and a randomly generated code (one-time password) from either an application, a text message, or a physical security token. These codes typically only last for 60 seconds and are virtually impossible to crack before expiration. Third factors commonly used are biometrics, including fingerprints, voice recognition, or even your retina or palm print. Most smartphones now use fingerprint authentication, except after reboot, when they require your password instead. MFA should be enabled for all your critical online accounts including: shopping websites (Amazon), financial accounts (bank, PayPal, investments), webstores (iCloud, Google Play), and all online email accounts.

The benefits that MFA provides are the reason why the White House and numerous tech companies are urging customers to use this technology on all their critical accounts. While strong unique passwords are still a necessity for each and every online account you own and operate, for those high-value accounts, the use of a password alone for security is no longer enough; you should strongly consider multi-factor authentication for these accounts. Will it be less convenient? Absolutely. Will you avoid major headaches such as identity theft, email embarrassment, and stolen accounts if you implement 2FA? Absolutely!

Call to action: Download and use a free password manager today to become more efficient, lessen the burden of remembering your favorite 5 or 6 passwords, greatly improve your overall security, and give you more than enough time back in your life to enable MFA on all your banking and email accounts!