Authentication Apps
Have you enabled 2FA on your important accounts?
2FA (or 2-Factor Authentication) or MFA (multi-factor authentication) are the closest thing to a silver bullet to hackers trying to get into your accounts. This additional security confirms that you are actually the one trying to get into the account and not someone else who either stole your password or guessed it.
Why is it called 2-Factor Authentication or MultiFactor Authentication?
Your password is the first “factor” of the security. Hopefully you have a good quality password that is hard to guess or hack. But in case that failed, the “second factor” is a unique code that only you would know. And that code can be in the form of a 6-digit number that is either sent to you via SMS or generated by an authenticator app on your mobile device (so keep that mobile device safe!).
At the agency, you are probably already familiar with the Microsoft Authenticator app we use with many of our websites and services like Egnyte and Microsoft 365. But you may already use some of the others that are popular in the market today for your personal sites or services:
- Authy – https://authy.com/
- Google Authenticator – https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
All of these apps can be downloaded from either the Apple App Store or Google Play Store.
For your personal sites and services (such as your social media accounts, password manager apps, or cloud email service you are using) you can usually use the authenticator app of your choice, like Microsoft, Google, or Authy. Bear in mind that you will probably have the choice to choose SMS or one of these authenticator apps, and if you do, the authenticator apps are more secure. This is because mobile phone numbers can be cloned! (This means someone can impersonate your mobile phone number on a separate device and thus get one of your SMS messages.) The codes generated by authenticator apps cannot be cloned and are unique to your mobile device.
The number one benefit of using any form of 2FA is that it removes the complete dependence on your password being super-strong. Even if the crook either steals, cracks, or phishes your password from you (or elsewhere) they will still need your second factor (SMS or the authenticator app) to be able to log into your accounts.
Did you know? When we introduced mandatory 2FA for our IPG email system back in 2018, account compromises dropped by 99%. It’s that good! It can also be that effective for your personal accounts too. It’s not infallible, but it’s the next best thing for now, and we highly recommend that you enable it for your valuable online accounts.
