Cybersecurity month tip #2 - Two-factor authentication

Two-factor authentication is a way to double lock your account. Instead of relying on one level of security (your password), it also requires something you have, like your cell phone or printed codes. Together these two things ensure that the person attempting to log onto your account is really you.

It’s easier than you think for someone to steal your password.

Any of these actions could put you at risk of having your password compromised:

  • Replying to emails with your username and password
  • Falling for phishing scams by entering your username and password on a web site that an email prompted you to visit
  • Using the same password on more than one site
  • Downloading “sketchy” software from the Internet

Two-factor authentication (also referred to as two-step verification, multi-factor authentication, or 2FA) is a way to ‘double lock’ your account. Instead of relying on a single layer of security, ‘something you know’ like your username and password, it also requires ‘something you have’ that is unique to you, like your cell phone. Together these two things prove that the person attempting to log onto your account is really you.

When someone has access to your primary email, these are some of the things they could easily do:

  • Pretend to be you and send unwanted or harmful emails to your contacts
  • Use your account to reset the passwords for your other accounts (banking, shopping, etc.)

Google makes it easy to enable 2-step verification, as do many other popular cloud services like Twitter, Facebook, Tumblr, PayPal and LinkedIn. Check with your bank or other financial services providers to see if they have it available. Most OIT staff have two-factor authentication enabled on our accounts. Feel free to contact us with any questions about how to set it up, or about our experiences with it turned on.