Our technology and securities are continually improving, but so are hackers and their malicious software. The standard practice of choosing strong passwords, while important, is not enough anymore. Take a moment to consider the digital accounts that you commonly access. You will likely notice a trend across these platforms now requiring multiple steps to verify who is trying to login to the account. Multifactor Authentication (MFA) is a process using two or more credentials in combination to verify a user’s identity. These credentials will fall into three categories:
- Something you know: like a password, passphrase, or PIN
- Something you have: like a security token or security code
- Something you are: biometric verification methods, like scanning a fingerprint or facial structure, or voice recognition
Why Can’t I Just Use a Password?
Passwords are one of the most common targets for phishing attacks. Hackers are hoping to find vulnerabilities in passwords to gain unauthorized access. If your password is too straightforward, or is the same across multiple accounts, it is making the hacker’s job much easier.
Whenever a large-scale breach occurs, all users will receive a notice from the affected company. Part of this communication will encourage users to change their password on all sites that they may have used the same password for. The reason behind this is a concern about “credential stuffing”. Credential stuffing is a practice where hackers use stolen credentials from one site to attempt to access other common sites. Again, they are hoping that you have used an identical password for multiple accounts.
You are a Factor in Your Digital Security
The majority of businesses have adopted some level of multifactor authentication for their access points, with more joining every day. We are also seeing updates in privacy legislation, driving updates to company privacy and security policies. Regardless of a company’s best efforts, every user also plays a part in protecting the system and their data.
Here are some tips to improve your digital security:
- Develop strong, unique passwords
- Do not share your passwords with anyone
- Turn off the ‘save password’ feature in your browser
- Consider a password management app
- Security tips here: Password managers – Canadian Centre for Cyber Security
- Opt-in to biometric verification, when available
- If you lose your security token, report it to the provider ASAP
- Install antivirus software
- Think before you click – consider if you know the sender, and hover over the link to see where it intends to take you
- If a caller is asking for information and something doesn’t seem right, hang up, and call back through the company’s official phone line
- Consider using a VPN when using public wi-fi networks
- Consider using an authenticator app, such as Microsoft Authenticator or Google Authenticator, as they are the most secure option when compared to an SMS message, email, or phone call.
More Resources
Get Cyber Safe – Government of Canada
Canadian Centre for Cyber Security