“Hundreds of thousands of Norwegians’ passwords leaked online”. This was the headline of an article on DinSide.no in October this year, and unfortunately one of a great many highlighting the fact that usernames and passwords are more and more frequently being compromised and posted openly on the internet. Many people use the same password to log in to all services and systems online, and are therefore more vulnerable to multiple accounts being affected if a password is compromised. This can mean not only your Facebook profile being compromised, but also e-mail and payment services with the same password. By adopting an extra layer of security, such as 2-factor authentication, you are better protected against any attacks.
Multiple methods of authentication
A beloved child has many names, as they say, and 2-factor authentication is no different. It is also often called 2FA, 2-step login or 2-step verification, and has been around for many years now. A Visa card is one example. The physical card is not enough to withdraw money from a cashpoint, as you have to enter the correct accompanying PIN code in order to make a withdrawal. Online 2-factor authentication works in the same way. With 2-factor authentication, not all hope is lost if your username and password are stolen, as a potential hacker needs more than those to gain access to your accounts and information.
Today a great many bona fide websites and services support 2FA, and it is not normally a difficult process to set up. Websites that offer this have a step-by-step process for activation, which generally involves selecting one or more methods as an extra layer of security.
This can be anything from confirming login by means of a text (registered mobile number) to PIN codes, bank ID and authentication apps (such as Authenticator from Google, which is supported by numerous websites). It is often also possible to “approve” and store your login on a device (for example, on your own laptop) for a given time period, so that you are not required to go through the whole process of authentication each time you log in. However, if someone tries to log into your user account on an unknown device, he or she will be faced with the extra security requirement, and thus will not be able to hack in. The methods you can choose vary from website to website.
2-factor authentication provides security
How secure is 2-factor authentication? Unfortunately nothing is 100% secure, but Google, among others, has conducted thorough tests with regard to 2FA and the conclusion is clear: it provides a very high level of security and both Google and other security companies around the world are unanimous in their opinion that this is something everyone should use. Personally, I use 2-factor authentication absolutely everywhere I shop using a card.
For those administering G Suite environments, it is very simple to set up and move users over to 2FA, and this is something we recommend activating as standard in the organisation. If anyone would like assistance with this, just get in touch with us and we will be happy to help!
And finally, a couple of tips to make the world even more secure (for yourself at any rate)…
- Don’t use the same password for multiple online accounts.
- Make sure that your passwords contain at least 8 characters, a unique combination of capital and small letters and numbers (and ideally symbols)
- And DON’T use common words, addresses, family birthdays or your telephone number. Anything that can easily be looked up about you as a person will be the first thing that a hacker will try.
If you are wondering whether your login data has been compromised, you can visit the following website to check: https://haveibeenpwned.com.