We're halfway through National Cybersecurity Awareness Month (NCSAM)! The overall focus for this month is on mortgage payoff wire fraud; however, no cybersecurity awareness month would be complete without information on how to protect the e-mail accounts that hackers attack. This week, we're focusing on strong passwords and multi-factor authentication.
Be sure to watch the video with Krista Christensen as she walks you through information on strong passwords and implementing multi-factor authentication.
UTILIZE YOUR PASSWORD STRENGTH!
Password cracking is an extremely common tactic for hackers, considering that less than half of the public uses strong and complex passwords. There are several programs that hackers can use to guess or "crack" passwords, which means that we have to take important steps to outsmart the hacker and protect our personal information.
How do hackers steal passwords?
In general, password attacks fall into four major categories: password theft, password guessing, password cracking, and unauthorized password resetting or bypass.
The most common theft method is sending a traditional phishing email, which prompts the potential victim to click on a link and type in their username and password. Passwords can also be manually guessed, and the shorter and simpler the password, the easier it is to guess. The average user rarely changes their password and uses the same password for multiple accounts, making them an easy target.
On the more technical side of things, a "password cracker" is an application program that can recover passwords using various techniques and algorithms. Thankfully, there are ways we can make our passwords stronger, more complex, and difficult to uncover.
What are some simple password tips?
- Consider using the longest password permissible
- Don't include personal information in your password
- Use a combination of upper and lowercase letters
- Avoid using common words
- Substitute letters with numbers or symbols
- Use phonetic replacements (ex: "PH" instead of "F")
- Don't reuse the same password on multiple accounts
- Store all of your unique passwords with a password manager
KEEP YOUR GUARD UP WITH MFA!
Imagine that your computer, with all of your sensitive information and personal belongings, is like a castle. Your password is the lock on the door, but enabling multi-factor authentication is like building a moat. Similar to a moat, MFA is an additional defense against attacks. It makes it even more difficult for scammers and hackers to compromise your account. When possible, you should always turn on MFA because it's easy to do and greatly increases your security.
How does MFA work?
Enabling MFA adds an additional step when logging into an account. The first step is entering your password, and the second step is providing an extra way of proving that it's really you. This could be a PIN code or a code texted or emailed to your mobile device.
MFA can include:
- An extra PIN (personal identification number)
- The answer to a security question (ex: What's your pet's name?)
- An additional code emailed to a mobile number
- Facial recognition or a fingerprint
- A yes/no button or unique number generated by an authenticator app (like those from Microsoft, Google, or Duo)
- A secure token, which is a separate piece of hardware (like a key fob)
Do all accounts offer MFA?
Not every account offers MFA, but it's becoming more popular every day. MFA is the standard for most financial institutions, online stores, and social media platforms. According to Microsoft, enabling multi-factor authentication is 99.9% effective in preventing breaches. Simply put, use MFA everywhere you can.