Two-Factor Authentication (2FA) is an additional layer of security over the now old and in some cases insecure Username and Password Combination.
Two-Factor Authentication works by taking what you already know (username and password) and combining it with something you have – for example a phone or application which will receive or generate a verification code needed to confirm your identity and complete the login process.
Why do I need 2FA?
We are seeing an increase in Phishing E-Mails which are trying to lure the recipient to a very real looking, but fake login page by appearing to come from a known and trusted contact; more often than not that email has come from the previous victim of the Phishing attack. We have seen the e-mail contain links to invoice payments, shared documents and delivery updates – all with the same intention to get the user to enter their credentials into the fake website. These usernames and passwords are then used to send the same phishing email from you onto the next list of victims – your customers and contacts… The login details are then sold to other Cyber Criminals as compromised accounts.
Two-Factor Authentication (2FA) helps combat this by needing that second bit of information – The verification code, before allowing the login, so without that your compromised username and password won’t work.
What can we do to help protect ourselves?
With almost regular data breaches of hugely popular companies happening, Two-Factor Authentication (2FA) is fast becoming a standard feature – so always enable this if available. There are also some simple steps to help keep the criminals away from your information.
- Pay attention to emails containing links to documents or Invoices you’re not expecting, even if it’s from someone you know – if in doubt call the sender and confirm it’s a legitimate email.
- Look out for common phishing language in emails like “Verify your account” or warnings that your account has been compromised.
- Look out for emails that try to convey a sense of urgency. For example the MD asking you to transfer a sum of money to pay a supplier.
- Keep your PC and Anti Virus updated and avoid opening any suspicious attachments or links.
- If you have Two-Factor Authentication enabled and receive a verification code when your not expected it – this could mean your username and password have been compromised and it’s time to change the password.
If in any doubt feel free to speak to us and see how we can help secure your email system.