The Go Hustle Work & Play Location Guide is all about making it easier for you to play where you work. This week we’re heading to Agulhas…
MFA – multi-factor authentication – just got even more important. Here’s why…
If the likes of Tinder Swindler Simon and Inventing Anna have taught us anything, it’s that securing accounts and passwords is vital. A quick search of news articles on the topic reveals the usual culprits: 123456, 654321, qwerty and such still reign supreme as the most-used passwords.
Cybercriminals tend to publish hacked databases online to sell the data to others or brag about their coup. Scanning these, security researchers can see which passwords are the most common – and those are by their nature very poor. If you can guess ‘123456’ in a few seconds, imagine how quickly a computer can do it. Brendan Kotze, Chief Development Officer at cybersecurity company Performanta, weighs in…
Are your strong passwords strong enough?
“Strong passwords are good, but it’s fortunately not the only choice to make our world much safer from cybercriminals. There is another way, and we already use it every day. This one simple addition to our digital security can make it so much harder for criminals to breach our systems and steal our data,” says Brendan.
It’s called MFA
The solution is two-factor or multi-factor authentication (MFA). If we make 2022 the year of MFA, it will be a significant win against the unscrupulous criminals preying on us online. “Think of the last time you conducted a transaction through your online banking; chances are, you were sent a pin code via SMS or verified the transaction through a mobile alert or your banking app. You might also have noticed that more and more sites are using this mechanism. Gmail, Dropbox, Office365 and Facebook all provide 2FA and MFA checks to ensure you are you,” says Brendan.
When someone’s SIM card is swapped without their knowledge, they often think that’s the origin of an attack. “Criminals will first steal your log-in details, then use various techniques to convince a mobile operator that the phone number linked to your account has shifted to a new SIM. Then they can intercept those messages containing one-time pins or authentication prompts. The very reason why SIM swaps happen is an attempt to bypass multi-factor authentication,” he says.
Nothing in security is infallible
You must always be vigilant. “MFA makes it much harder for criminals to use stolen credentials. And online criminals are often pretty lazy. They’d rather hack someone without MFA than with MFA. Just the presence of MFA can deter many attacks,” he says. Fortunately, MFA is already widely available. Some businesses, such as banks, enforce its use, yet many more offer it as an option. If you make one security commitment for 2022, check the services you use for MFA support and activate it where available.
Dear business leaders….
Talk to your security staff about MFA support. Most cybersecurity companies provide MFA as part of their basic services. Users sometimes resist MFA, explains Brendan, because they see it as another hurdle they need to cross when logging in. “In a world where data moves freely between offices and homes, computers and mobile phones, criminals actively target people to steal their credentials. Phishing, which uses fake messages to dupe users into handing over log-in information, has grown by double and triple digits during 2021,” he says.
We still need passwords
“If someone is still using ‘123456’, it’s not the only thing stopping criminals from breaking in. MFA means sleeping easier at night – unless you are a cybercriminal. Then you have to do a lot more work or find an easier mark. MFA turns our connected world against the cowards that use it to rob us,” says Brendan.
Photo by Andrea Piacquadio/Pexels