Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked.
It goes by many names: Two Factor Authentication. Multifactor Authentication. Two Step Factor Authentication. MFA. 2FA. They all mean the same thing: opting-into an extra step when trusted websites and applications ask you to confirm you’re really who you say you are.
Your bank, your social media network, your school, your workplace….they want to make sure you’re the one accessing your information. Therefore, instead of asking you for a password – which can be reused, more easily cracked, or stolen – they’re verifying it’s you by asking for two forms of information:
- They’ll ask for something you know …. like a PIN number or your sister’s middle name, along with
- Something you have …. like an authentication application or a confirmation text on your phone, or
- Something you are …. like a fingerprint or faceID
That second step is a lot harder for a hacker to fake. So, prove it’s you with two steps.
Now that you know what it is, you’ll see prompts for multifactor authentication all over. So opt-in. Start with your email account, then financial services, then social media accounts, then online stores, and don’t forget your gaming and streaming entertainment services!
Update your software. In fact, turn on automatic updates.
Bad actors will exploit flaws in the system. Network defenders are working hard to fix them as soon as they can, but their work relies on all of us updating our software with their latest fixes.
Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
Think before you click. More than 90% of successful cyber-attacks start with a phishing email.
Have you ever seen a link that looks a little off? It looks like something you’ve seen before, but it says you need to change or enter a password. Or maybe it asks you to verify personal information. It could be a text message or even a phone call. They may pretend to be your email service, your boss, your bank, a friend…. The message may claim it needs your information because you’ve been a victim of cybercrime.
It’s likely a phishing scheme: a link or webpage that looks like it’s legitimate, but it’s actually a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. Sadly, we are more likely to fall for phishing than we think.
If it’s a link you don’t recognize, trust your instincts and think before you click. We all need to Phight the Phish!
Use strong passwords, and ideally a password manager to generate and store unique passwords.
Did you know the most common password is “password”? Followed by “123456”? Using your child’s name with their birthday isn’t much better.
Picking a password that is easy is like locking your door but hanging the key on the doorknob. Anyone can get in.
Here are some tips for creating a stronger password. Make sure it’s:
- long – at least 15 characters,
- unique – never used anywhere else,
- and randomly generated – usually by a computer or password manager. They’re better than humans at being random.
Make sure you’re not recycling the same password across all your apps and websites. You can use a password manager to store all of your passwords. That way you don’t have to remember them all! If you go this route, make sure your master password is strong and memorable, and secure your password manager account with MFA!
Being cybersmart is contagious.
Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on. Being cyber smart is contagious. Take the four basic steps outlined above and help two friends do the same.