Get done what you’ve been putting off in two easy steps to give yourself a huge head-start against cyber attack by ensuring you have a password manager and 2FA/MFA (multi-factor) protection on your accounts.
In the same way you lock the door to your home to prevent unauthorised access, the cyber world requires the same action. The reality is the jargon and requirements often make it overwhelming to protect what is valuable to you.
Can I do this in 5 minutes?
Possibly, yes. It depends on what you have set up already. The purpose of this is to give you insight into what you need to do and how, inside 5 minutes.
Password manager:
A password manager is a secure and encrypted vault that holds passwords for all your accounts. This is where the magic of having unique and random passwords for each account becomes a breeze – and you’re already feeling the weight of the burden lifting. Yes, the fear of sharing passwords can be eliminated (you still have to do the heavy lifting but at least you have a path ahead to achieve that).
They will auto-fill in username and password fields so you don’t have to (saving you even more time).
Some suggested providers:
LastPass https://www.lastpass.com/
1Password https://1password.com/
Keeper https://www.keepersecurity.com/
To be honest they are all much of a muchness. Their security is absolute, their features are continually being improved and refined. Personally I use LastPass, as it comes bundled with our Webroot Antivirus package.
It does require a master password and use of multi-factor authentication to access the service. The master password is one that you need to remember and store somewhere. Fitting the theme of ‘break glass in case of emergency’, you could write it on a label and stick it under a jar or under a container where only you and those you trust know where it is and what it is (hint: don’t add a description on the label that says ‘this is my master password for….’).
A second suggestion is to have a note on your phone or computer where you keep random thoughts, and pop it in there. Save it with an easy-to-remember title that doesn’t give a hint as to the contents of the file (suggestion: ‘conference to-do list’, or ‘garden makeover’). Meaningless to anyone trawling/trolling your files, yet gold to you.
Multi-factor authentication:
Multi-factor authentication (MFA) uses more than one form of authentication to gain access to an account. It usually involves a second form of authentication such as a phone call, SMS message or randomly generated matching number that appears on a phone app.
Think of MFA as a second-step password. You have the username, the password and MFA is the second password. The difference is that it is usually a number that is randomly re-generated every few seconds (referred to as a one-time password/passcode). So what you use now will be different in a minute’s time. Imagine how that stops a hacker in their tracks. Without all three the account cannot be accessed.
The most common form of MFA is an app on your phone, that links your account to the random number generator.
Suggested apps for use with MFA:
- Google Authenticator
- LastPass
- Microsoft Authenticator
- Authy by Twilio
- 2FA Authenticator
- Duo Mobile
- Aegis Authenticator
Personally I use Google Authenticator, Authy and LastPass. Why three? Some accounts are more easily connected through Google Authenticator and the rest I spread/split the risk. As long as I understand what I have where, that is all that matters; it just makes it harder for anyone who isn’t me or my trusted backup.
Word of wisdom: If you get the option of backup codes for the account you are adding MFA to, take them and store them in a safe location.
If you lose or damage your phone, you’ll lose access to your MFA account, making it very difficult for you to regain access, as you’ll have to go through all manner of hoops to prove you are allowed access (and not a hacker).
Accounts that MUST be secured:
- Email – your email account is the gateway to most of your other services. It is usually where password resets for those services take place. A hacker will attempt to gain access to it so they can then change the passwords on your other accounts.
- Banking – everything you’ve worked for, saved for, is up for grabs if someone gets in.
General word of wisdom: always sign out, especially when it comes to social media. You leave a digital footprint that makes it easy to track you in ways you’d rather ignore.
1: Change your passwords
- Getting rid of your old email provider is a good start. It’s a good idea to move your important email to a new service.
- You can change your password for your email address in the settings of most email providers.
In summary: Take the sting out of passwords with a service that remembers them, with a different one for each and every account that uses letters, numbers and characters. Secure that service with a multi-factor authentication method (ideally an app on your phone) that provides a one-time, time-sensitive code/number to enter.
As each instance is individual to your type of phone and what you are securing, know what you’re needing to secure and enlist help from someone you trust at making it happen.