Internet users are doomed.
I don’t mean you or me, because the fact that we’re reading this article on the Tripwire State of Security blog means we at least have a passing interest in protecting ourselves online.
No, I mean those folks who, like us, use the internet but don’t take the steps necessary to put in place the most rudimentary defences to prevent themselves from being hacked. Sadly, I suspect I’m talking about the vast majority of internet users.
Most people don’t use password managers to generate hard-to-crack unique passwords, preferring to rely on their puny brains instead and inevitably reusing login credentials between multiple services. Most people don’t run a VPN, leaving themselves exposed to having their data grabbed when they use a public Wi-Fi hotspot. And, as a presentation by Google software engineer Grzegorz Milka this week revealed, hardly anyone is is using two-factor authentication (2FA).
A well-implemented two-factor authentication system ensures that it’s no longer the case that the only thing stopping a hacker from being able to access your online account is whether they can determine your username (often just your email address) and password.
Even if a hacker has managed to determine your password (perhaps because you chose a poor one, or perhaps because you made the mistake of using the same password on multiple websites) then the two-factor authentication check will request that they enter a one-time six-digit passcode generated by a tag on your keyring or an authentication app on your smartphone.
No one-time passcode? No entry.
Clearly it’s a higher level of security, and one which is enough to encourage a typical hacker to look for someone else’s account to break into rather than yours.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/few-gmail-users-have-enabled-two-factor-authentication/