Keep your accounts secure even if your passwords were compromised
- by Antoniy Yushkevych
- in Security
As cyber attacks become more and more common, protecting your personal data is becoming increasingly difficult. There are so many ways one could access one of your accounts. If the said account is your email account that you use for logins to your social media, then you are doomed.
Why? Because nearly all known password reset links are sent via email. If a malicious individual has full access to said email, they can use it to reset passwords on all the accounts that you use said email to login with. Then you will be locked out of your email, and all the aforementioned accounts.
We know this sounds very frightening, however, there are some measures in place that can help prevent this catastrophe from happening. One such measure is two-factor authentication which we will talk about today.
What Threats are Out There?
Before getting into preventative measures, we need to identify what exactly we should be wary of. Even if you have a very strong password, there are ways hackers could get access to your accounts without even ever having it through things like phishing scams and installing keyloggers on your machine.
Cracking Weak Passwords with Brute Force Attacks
If your password is just a word followed by some numbers, especially if it is not very long, hackers can brute force it. What does that mean? They run a script which attempts every single combination of characters and numbers until they get it right.
There is a way to test whether your password is susceptible to this style of attack with tools such as https://howsecureismypassword.net/, which will tell you approximately how long it would take a computer to crack your password.
Please note that you should not enter your exact password into these tools, but one of similar characters and format. For example, if your password is 777monovm@Pa55 then enter 936tokern#Rk67. As you can see, they are completely different to our eyes, but to a computer that is trying to crack it, they would be about the same since they consist of the same character types in the same positions.
Whenever you read any suggestions for creating a strong password, they always mention not to include any words that exist within a dictionary. This is because hackers can run scripts that enter every single word in the dictionary and even try different combinations of said words.
Therefore if your password is catsarecute , such an attack would crack it within minutes.
This is one nasty virus that you can catch while browsing the web. It simply runs in the background upon startup and records every single keypress that you do and shares it with the attacker. Not only are your passwords in danger, but your entire private conversations.
These attacks are a bit different from the rest, they do not actually install any malware or run any malicious scripts. These are sites on the internet that are nearly identical to legitimate popular sites such as Facebook and Twitter. Once you try to log in, however, they do nothing and send the login information you used to the attackers’ database.
How does Two-Factor Authentication Help?
Aside from the methods of attack mentioned previously, there are still countless ways one could gain access to your accounts. Two-factor authentication adds an extra step of security to prevent a malicious individual who has gotten access to your password from being able to log in to the account.
What is Two-Factor Authentication?
Two-factor authentication adds an extra level of security when you log into a website, online bank account, credit card portal, or any other site.
Almost any website that has a system with users will have single-factor authentication with a username and a password. Sometimes, however, even the strongest of passwords are simply not enough to keep an important account secure.
Two-factor authentication, as can be guessed from the name, requires one extra step to be able to log into a website or access an online account. First, you will have to enter the username and password in order to get to the second step. Then the site will, in most cases, send you a text message or email with a verification code that you will have to enter into the site to get access to the account.
Methods of 2-Factor Authentication
There are multiple ways websites can implement two-factor authentication and each one rolls with the method that works best for them. Here are some of the factors that different sites use.
- Knowledge Factor: This is the most commonly implemented method of 2FA (i.e. 2 Factor Authentication). Upon entering a username and password, you will need to enter a verification code sent to your mobile phone or email. Another example of this would be answering a security question that you set up when creating an account.
- Possession Factor: Probably the safest method, requiring actual hardware to log in. For instance, if you are working with highly classified data, it might be a good idea to set a physical USB key along with your computer’s password.
- Software Token Factor: Theses are apps that provide two-factor authentication, such as Google Authenticator.
- Biometric Factor: Either fingerprints, facial recognition or speech patterns are used as a second factor when logging into a website.
- Location Factor: Some sites will rely on your location to confirm your identity.
Why is Two-Factor Authentication Important?
Passwords have been the mainstream form of authentication since the start of the digital revolution. But, this security measure is far from infallible. Here are some worrying facts about this traditional security measure:
- 90% of passwords can be cracked in less than six hours.
- Two-thirds of people use the same password everywhere.
- Sophisticated cyber attackers have the power to test billions of passwords every second.
The vulnerability of passwords is the main reason for requiring and using 2FA. Two-factor authentication might seem like a hassle. After all, you’ll need to take an extra step to log onto your favorite websites.
But without 2FA, you could be leaving yourself vulnerable to cybercriminals who want to steal your personal identification, access your bank accounts, or hack into your online credit card portals. Why? Without a complex, unique password for each of your online accounts, a skilled hacker may be able to crack your passwords. And once they do, they can easily gain access to the personal and financial information in any accounts with that username and password combination.
Biometrics in 2FA
One of the major issues with passwords and tokens is that they can’t prove your identity. Biometrics solve that problem. Adding biometrics as an authentication factor is the best way to prove identity because your biometrics are you. Identity-based access control is a significant improvement over alternative authentication factors because you can’t forget it, you can’t lose it, and they are extremely difficult to steal and unique to you.
Biometrics are light years more secure than other authentication factors and make accessing sensitive information and remote servers easy and effective. Especially when you utilize smartphones to deploy biometric authentication. It’s so easy and effective, people who complain about 2FA being a nuisance won’t have anything to complain about anymore.
To make one final point, many consumers are concerned about protecting their biometrics. This is a valid concern, but if the biometrics are properly implemented it will actually enhance personal and professional privacy. Using techniques like visual cryptography and a distributed data model help make sure your biometrics and sensitive information will never end up in the wrong hands. This way you can use 2FA solutions and still be able to sleep at night knowing your biometrics and your data are safe.
Having two-factor authentication on your accounts is still not the end-all solution to protecting your online accounts. Along with 2FA you should also have strong passwords for all your accounts and use a different password for each one. For ease of use, we recommend using a password manager that will help you keep track of all of them.
We know you have surely heard this before but we will stress the importance of this statement again: have your password be at least 12 characters long and include both uppercase & lowercase letters along with numbers and special characters (such as &, #, $, etc.); do not include any dictionary words or personal information within the passwords such as birthdate, name, etc.
Keeping your personal computer malware-free is also crucial to the security of your online accounts as even certain types of 2FA can be deciphered with a keylogger. For instance, if the only type of two-factor authentication you have on one of your accounts is a security question, the keylogger will record the answer as well.