Typically, these are your account’s password and a temporary code sent by SMS, or provided via an app.
Enable MFA wherever possible, especially if the site or service involves finances or other sensitive information.
A copy of last week’s column can be downloaded at https://tinyurl.com/MFAp12019.
We’re all familiar with computer users who write passwords on a scrap of paper and stick them on their screen. If you do, perhaps today you’ll find what you need to keep track of your important account information in a more secure way.
Problem: MFA is widely used in various incarnations across most popular web services, but there are probably several websites you use that are yet to implement MFA, or perhaps rely on an alternative solution. Many sites rely on just an email address and a password.
The most common problem with this is that many people use just one or two passwords across all their accounts. If a web service is compromised and its credentials revealed, the attackers have an email address and password to try on a multitude of other websites. Millions of compromised usernames and passwords have been traded without their owners’ knowledge on the “Dark Web”, the secret and seedy underbelly of the internet where all sorts of immoral things happen. You don’t want your account credentials to pop up for sale there.
Check: Check if your account details are compromised. Enter your email address at https://haveibeenpwned.com. It checks your email address against millions of records, a collection that is added to daily as new breaches and lists of compromised accounts surface. If your credentials are listed, don’t panic - often the match merely indicates that your email address has surfaced in some obscure breached record. Read each result and if you recognise any accounts linked to services you are using, or that warrant concern, change your password for those services immediately. If the password is one you use all over the place, reset it everywhere you use it. If you need advice, email me at [email protected]
Well Hidden: The obvious solution to the issue is to never use the same password across multiple sites. Change them regularly for those that are especially important or high risk. To keep track of the passwords, you could write them down somewhere. From an online security point of view, it could be argued that hackers can’t find well-hidden bits of paper. Another consideration is you can choose to share the details or location of the list with a trusted person, which might help them access essential online accounts should you suddenly not be around one day.
Convenient: Password managers are a more secure and convenient solution for handling account info and passwords. They make it easier to manage various credentials, and they can autofill information for you. I’ll take you through a few of the most popular managers next week.