In 2012, Wired journalist Mat Honan saw his entire digital life destroyed in less than an hour. A hacker gained access to his Google account and then quickly began posting harmful messages from Honan’s Twitter profile before logging into his Apple ID and erasing all the data on his devices. This highly publicized virtual nightmare exposed major security flaws in popular websites and became the rallying cry for two-factor authentication. Had Honan been notified when someone tried to log into his Google account, the whole disaster might have been averted.
Today, two-factor authentication is available on almost every major platform, but most people still don’t use it. Google estimated that 90 percent of users have not enabled two-factor authentication. A security step that should be as common as passwords is overlooked because most people still don’t understand what it does. Let’s clear up some major myths about two-factor authentication.
Myth: All forms of two-factor authentication are the same.
Most people are familiarity with SMS-based two-factor authentication. You attach your phone number to an account and when you log in, you’ll receive a text with a code that you’ll need to input to finish logging in. However, there are also authenticator apps, like Google Authenticator; push-based authentication, which links to a specific device; and USB security keys like Yubikey that must be inserted into a computer in order for the account to be accessed.
Myth: Two-factor authentication will stop all account breaches.
There’s one rule in data security: Nothing is safe. If anyone claims to offer guaranteed protection against hackers, they either don’t know enough about IT, or they’re selling snake oil.
It is possible for hackers to get around two-factor authentication, especially if the two-factor system is SMS-based. That said, passwords themselves do not guarantee your account’s safety, but that doesn’t mean you should stop using passwords. More security is always better. And as hackers become more sophisticated, you need all the security available.
Myth: Two-factor authentication is annoying, time-consuming, and only necessary to appease compliance.
Yes, using two-factor authentication demands a little more time when logging into your accounts. But is saving an extra 60 seconds really worth putting your accounts at risk?
Two-factor authentication isn’t perfect, but it’s a whole lot better than leaving your accounts next to defenseless. Start by enabling two-factor authentication on all your accounts. If a service you use regularly does not offer the option for two-factor authentication, consider switching to a new service.
Thanks for reading,
Randy Sklar, CEO
PS. If you would like to find out how to hacker-proof all your passwords, watch the video below...