Passphrases were so last week. Apply 2FA and use this security question hack to #BeCyberSmart

Last week we covered the needed upgrade from passwords to passphrases. But that’s still not enough to appropriately protect your accounts these days. You need one or more additional factors for secure authentication. But what’s a “factor” anyway?

A passphrase is one factor. It’s considered “something you know”. There are two other classic factors: “something you are” and “something you have”. 2FA usually means you must supply your username along with its associated passphrase, and then supply another factor from a different category (i.e. two “something you know” factors do not count as 2FA). We have grown more familiar with “something you are” factors, aka biometrics, which include your face, voice or fingerprint, but the “something you have” factor is still the most common: a device such as a smartphone, a smartcard or a hardware token like a YubiKey.

We use Google 2-Step to protect Williams accounts with “something you have”, but please make sure you opt in to 2FA offerings whenever they are available from your bank, online retailer or other critical or sensitive services. I only allow a site to store my credit card information if it’s protected with 2FA. Multi-factor Authentication (MFA) is often used interchangeably with 2FA, but it may also be used more specifically to describe authentication where all three factor categories are required.

Security Question Hack:

Note: Only attempt this if you use a passphrase manager app.

Security questions are often used for account recovery and to verify your identity to a website. First-generation security questions included things like your mother’s maiden name, “What was the color of your first car?” or “What elementary school did you attend for 2nd grade?”. These are fine, unless someone else knows your maternal family, knows what color your first car was, or was a classmate of yours in second grade.

Instead, try this:

Q: What was the color of your first car?
A: Rhubarb

Or

Q: What elementary school did you attend for 2nd grade?
A: Fuzzy Wuzzy

Because the answer is dissociated from the question, it is more secure, but that also makes it imperative that you store the answer somewhere safe, such as your passphrase app. Do your part, #BeCyberSmart this year and update your accounts that matter most!

More Information
https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html