The last thing you want to encounter when surfing online must be having your accounts taken over. Losing social media account, you’ll have to add friends and follow pages once more. What’s worse, with social security number taken over, you’ll suffer financial loss in taxation issues or unwanted charges.
You must have done plenty to fortify your online account. In our past blog, we’ve discussed how to create perfect passwords, while in fact, perfection does not really exist in cybersecurity. Rather than “perfect”, “strong” is the word to describe your password.
What we want to do is to set up stronger protection for online accounts. When traditional passwords may not suffice, 2FA – two-factor authentication is there to complement.
What is two-factor authenticator (2FA)?
Apart from username and password, which is considered to be the first factor, 2FA adds a second factor that has to be confirmed on your mobile phone or email for every one of your log-in attempts.
A classic classification of factors is shown in the picture below.
- Usernames and passwords count as what you know;
- Your own devices used to receive confirmation request, verification code or barcode is what you have;
- Biometrics like fingerprints or face is what you are.
What’s strong about 2FA is that scammers don’t have access to your mobile phone and email even if they have your username and password through data breach or phishing. In this way, the difficulty to steal your account is leveled up.
Actually, you probably have already been using 2FA for a long time without knowing its name. For example, e-payments or online account adjustments usually requires 2FA. But caution work in many other occasions.
To list a few guidelines to set up 2FA for major online accounts:
Can 2FA eradicate identity theft?
Advantages of 2FA have convinced tech-savvy users to enable 2FA wherever possible. However, we have to admit that counting on 2FA to eradicate identity theft might be too much.
According to Forbes’ recent news, a phishing scam did make it to bypass two factor authentication. It adopted Muraena and NecroBrowser, “two tools that worked together like the perfect crime duo,” as was described in the report.
However, the senior engineer who discovered this phishing scam, Seith, advised us to stay optimistic about 2FA as a robust defense, and added that “we now need to be even more diligent about detecting phishing attempts.”
This makes perfect sense because phishing scam is the top evil to trick your account information out of you. If we can identify a phishing email as early as the minute it enters your inbox, we’ll be free from having online accounts taken over by scammers.
Protect your account from the bottom issue: phishing
- Check if sender’s email address belongs to a legitimate organization like @apple.com, instead of @gmail.com or any other random private email;
- Check whether the claimed sender is the real sender through meta information;
- Detect all the links and attachments to see if there’s any malicious intent.
These are the three criteria for you to decide whether you’ve received a phishing email. Apparently, except for the first one, the rest two are hard to decide without handy tools. The good news is that the add-in of Mr. Post is exactly made to do this job.
Equipped with strong passwords, two-factor authentication and anti-phishing tools, you are ready to safeguard your cybersecurity.