#5 Multi-factor Authentication — Gone Phishing?
The Success Story
Have you heard the success story? The one about how MFA stopped the hacker in his tracks, even with stolen login credentials?
A buddy of mine realized that someone had his username and password when he received an SMS or text message with a six-digit code from his bank.
Immediately, he logged into his bank account to check his balance, called the bank, and reported an attempt to hack into his account.
Thankfully, he prevented cybercrime by using MFA. He did not lose any funds.
Multi-Factor Authentication
Multifactor authentication (MFA) applies to the login or sign-on process, using two or more types of identity verification to grant access to an app or digital account. A username and password alone will not work to protect your digital information all the time.
MFA adds an extra step or layer of protection. It is not foolproof, but it is worth your time.
If your bank offers MFA (also referred to as two-factor authentication or 2FA), selecting it in your privacy and security settings makes good sense.
You can have the one-time passcode sent to your phone or email address on file. As the success story highlights, you can prevent the theft of your funds.
Fraudsters Go Phishing
Cybercrime is lucrative. Bad actors search for every way possible to trick humans and override cybersecurity technology investments to steal your money or identity or sell your personal information on the dark web.
Experts such as Roger Grimes at KnowBe4 have thoroughly reported the false sense of security derived from using MFA, recommending phishing-resistant MFA. These products are far less susceptible (yet not perfect) to some common social engineering and phishing than other products. If your vendor offers phishing-resistant MFA, that is an even better choice.
How do you defend yourself if all MFA solutions can be hacked and socially engineered? It does not mean that you should skip MFA altogether. The Cybersecurity and Infrastructure Security Agency (CISA) memo offers suggestions for implementing MFA for all users and services, including email, file sharing, and financial account access.
As daunting as this may sound, this aspect of MFA illustrates the dynamic and evolving nature of cyberattack vectors and methods. The monetary and intellectual property gains accessible to hackers drive their innovation, often keeping them one step ahead of defensive cyber solutions.
Will You Roll The Dice?
If you have heard about the benefits of MFA and ignored it, then doing so may fall within your risk tolerance level.
If you are new to the MFA world, check it out. It will take one minute to set up each account offering MFA or 2FA. It will take you 10 seconds to receive the one-time passcode and enter it in the box prompted by your account. Taking this step becomes a habit of how you log on to your account.
Will You Find Your Way?
How did the hacker access my friend’s username and password in the first place? He shared his login credentials in a text message supposedly sent by his bank a few days before while working from home on an urgent project. He let his guard down. He is human.
What is your story? Is it a success story?
33 Ways
You may already know how to avoid some of the scenarios discussed in my new award-winning book, 33 Ways Not To Screw Up Cybersecurity – available on Amazon in paperback here and Kindle version here. Way #5 is Multifactor Authentication (MFA).
Find the “Ways” you need to learn as you work from anywhere (WFA). Then pass the book to others who may need to find their way.
You may want to check out my website www.thecyberdawn.com where you can find resources, subscribe to our newsletter or reach out for information on our services, including speaking engagements, training, and communications.
There is hope.
Disclaimer
This blog post is made available for informational purposes and is not intended as a substitute for professional or legal advice. No attorney-client relationship is formed or implied between you, the author, or the website publisher.