$7
Multi-Factor Authentication Essentials
by
Donald Allen and Alexandre Blanc
Get the Best Cybersecurity Tips from the World's Most Erudite and Exciting Experts Delivered Straight to your Inbox, GRATIS:
dacybersecurity.com
Get the Essence of the World's Most Erudite and Exciting Minds in Cybersecurity Delivered Straight to your Inbox, GRATIS:
Donald Allen
Donald Allen is a humble #1 bestselling author on Amazon.com (24 March 2016) and cybersecurity evangelist.
It is his mission to help people realize how awful things can get if they don’t respect the power of the digital world. And that’s why he works hard every day to help people become Cyber Conditioned, so they can stay out of the hacker’s reach.
Donald Allen did almost 100 hours of interviews with cybersecurity leaders who protect(ed) companies like Amazon, Microsoft, IBM, Gartner, HBO, Bank of America, PepsiCo, United Nations, Xerox, UNICEF, Walmart, AIG, DHL, Verizon, Morgan Stanley, WebMD, Airbus Group, KPMG, Ernst & Young, PwC, Deloitte… the list goes on.
Donald Allen continues to interview the battle-tested, most erudite, and fascinating cybersecurity experts every month. Insights he discovers he shares in his daily cyber security newsletter:
Alexandre Blanc is an IT and network specialist with a computer science degree from the French university "SeReCom" (computer networks and services), obtained in 1999, and 20+ years of background in IT, managing and securing online services and networks since before it was called cloud. He is an open source and GNU/Linux enthusiast. He shares cyber security topics to raise awareness and help all of us maintain a better security posture.
Alexandre wrote an exclusive article "Multi Factor Authentication - Your Only Way To Be Safe, For Now. Here Is Why" for subscribers of the "The Donald Allen DAILY Cybersecurity Letter."
These recommendations are an extension of the original article by Alexandre Blanc, "Multi Factor Authentication - Your Only Way To Be Safe, For Now. Here Is Why." This is one of the many exclusive materials available for subscribers of the "The Donald Allen DAILY Cybersecurity Letter." Consider reading it first.
1
Choose a second factor that you can easily recover, or save backup codes.
If you forget your phone, or it gets stolen or broken, you need a way to recover your access.
Most authenticator apps allow you to export a backup of your token. Store the backups OFFLINE, at home on a USB key, or print your recovery codes.
2
You can subscribe for free to the following services, and be notified when your personal information appears in a data breach:
https://haveibeenpwned.com/
https://breachalarm.com/
https://hacknotice.com/
3
After subscribing to the above services (point no. 2 of this checklist), you'll have an initial list of data breaches that impacted your account (your email, etc.).
Actions to take:
1. Set a new password, different for each service you use.
2. Use a password manager. Not the one built into your browser. Personally, I do like this one.
3. Make sure you have enabled multi-factor authentication on each service you use, so the stolen data is not enough to steal your accounts.
4
Now that you have mastered Multi-Factor Authentication and know how to monitor your accounts, do the following:
- Educate your friends about MFA essentials.
- Help your family protect themselves by setting up multi-factor authentication.
5
If you choose to use a password manager, you may want to share it within your family, and use the same one for all of you.
You can have it as an app on your mobile, installed as a plugin in browsers, or access it online.
There are some options with stronger encryption and security, like physical USB keys (Nitrokeys, YubiKeys, etc.), and it is true that they are safer than soft tokens: they can't be copied.
However, there is also a convenience factor and flexibility to consider.
If you protect very sensitive data, then you'd look into the most secure option. Otherwise, soft tokens (authenticator apps) will do just fine.
No, you should enable multi-factor authentication even if SMS is the only option.
It is better to have a second factor, even SMS, than no second factor at all.
When using a shared account, such as with your other half, or family account, you can still use Multi-Factor Authentication.
If you use a TOTP, print a capture of the QR code used to register the service, and let all the users scan the code.
You can all share a second factor for an account, so you can still use it together.
Every 3 seconds an identity is stolen online. Attackers look for efficiency and thus automation. The first to get hurt by cybercriminals are those who do not follow Cyber-Hygiene Essentials and are not Cyber Conditioned at all.
If you don't want to become the next victim, then following MFA Essentials from this guide is in your best interest.
The following seven items are essential if you want to stay safe online. Remember and follow them at all times.