Lock Down Your Login
Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
To use many of the services on the Internet today, such as email, online banking or online shopping, you must first prove you are who you say you are. This process of proving your identity is known as authentication. Authentication is done by using something you know (such as your password), something you have (such as your smartphone), or something unique to you (such as a retinal scan or fingerprint). Traditionally, one of the most common ways of authenticating has been a username and a password. The problem with using just a password for authentication is simple: all an attacker needs to do is guess or compromise your password and they gain instant access to your online account and information. If you use the same username and password for multiple accounts, the harm can be even far greater. To better protect your online accounts, websites are moving to stronger authentication methods that require the use of more than one factor to authenticate.
Stronger authentication uses more than one factor; not only do you have to know something like your password, but you have to have something (such as your smartphone) or present something unique to you (such as your fingerprint). Two-factor authentication is exactly what it sounds like; you need two factors to prove who you are instead of just one. A common example of two-factor authentication is your ATM card. To access your ATM you need to have something (your ATM card) and you need to know something (your PIN). If an attacker steals your ATM card, it does them no good unless they also know your PIN (which is why you never want to write your PIN on the card). By requiring two factors for authentication you are better protected as opposed to just one. Two-factor authentication works online in a manner similar to your ATM card and PIN combination. You use your username and password when you want to access your online accounts. However, after you successfully enter the correct password, instead of going directly to your accounts the site requires a second factor of authentication, such as a verification code or your fingerprint. If you do not have the second factor then you are not granted access. This second step protects you. If an attacker has compromised your password, you and your account are still safe, as the attacker cannot complete the second step without having the second factor.
Let’s walk through an example of how two-factor authentication can work. One of the most widely used online services is Gmail. Many people authenticate to their Gmail account or other Google services with their username and password. Google now offers improved security with two-factor authentication, or what Google calls two-step verification. Google’s two-step verification requires two things for authentication: your password (something you know) and your smartphone (something you have). To prove you have your smartphone, Google will send it a one-time verification code via SMS that is unique for you (note that messaging charges may apply; check your service plan for information). You then enter the code. Also, if you prefer, instead of Google sending you the one-time verification code via SMS, you can install an app that generates the unique code for you.
Use the instructions below to learn how to lock down your login by turning on strong authentication on popular websites and services.
Information provided via SANS and Stop.Think.Connect.