Make sure you have enabled Two-Factor Authentication on important accounts

We have heard so many stories recently about people getting their accounts hacked. And the scary thing? It feels like the number and frequency of these stories are increasing. The attacks are becoming more effective because of Artificial Intelligence tools. Hackers are using AI to generate their scam messages so that when you read them they seem legitimate. The days of spotting a hacking attempt because the text is from a non-English speaker are coming to an end.

Even worse, these criminals are becoming more technically capable. They are setting up fake websites using logos and graphics from the original website and sending you a link to update your account information. When you follow the link, the website looks legit, but it is completely fake. If you fill out the form, you are providing criminals with your information that they will immediately try to use before you have a chance to realize you’ve made a mistake.

What can you do to protect yourself?

The best thing that you can do to truly protect yourself is to turn on Two-factor authentication for any of your important accounts. And yes, it is an additional step when you are trying to log into websites. But the trade-off is worth the peace of mind that a hacker would have to know your account username and password and ALSO have access to your email, phone or authentication application.

Having Two-factor authentication enabled is orders of magnitude more secure than simply having a username and password to access your accounts.

There are three main types of Two-factor authentication

Basically, Two-factor authentication (2FA) adds an extra layer of security to the login process by requiring two forms of identification from the user. You still provide a username and password as you start the login process, but once those are submitted, you are then challenged again with a 2FA code. 

Here is a description of three common methods used in 2FA:

Method 1 – SMS Text Message:

In this method, after you enter your username and password, the system sends a one-time verification code to your registered mobile phone number via SMS (Short Message Service). You enter this code into the login interface to complete the authentication process. SMS-based 2FA is widely used due to its simplicity and widespread availability of mobile phones. However, it has some drawbacks, including susceptibility to SIM swapping attacks and potential delays in receiving the text message. That said, it is WAY more secure than not having 2FA turned on.

Method 2 – Email Notification:

Similar to SMS-based authentication, in this method, you enter your credentials, and the system sends a one-time verification code, link, or confirmation message to your registered email address. You then check your email account, retrieve the code or click on the link provided, and input the code or confirm your identity through the link to finalize the login process. Email-based 2FA is convenient for people who prefer not to rely on SMS or when SMS delivery may be unreliable (usually due to not having cellular service). However, it may not be as secure as other methods since email accounts can also be compromised. Again, this is still much more secure than not having 2FA turned on.

Method 3 – Authentication Applications:

Authentication apps, such as Google Authenticator, Microsoft Authenticator, or Authy, generate one-time passwords (OTPs) that you can input alongside your username and password during the login process. These apps typically leverage time-based algorithms or use QR codes to synchronize with your account. When logging in, you open the app to retrieve the current OTP, which changes every few seconds. This method is considered more secure than SMS or email-based authentication because it doesn’t rely on communication channels that could be intercepted.

Additionally, authentication apps can work offline, making them suitable for situations where network connectivity is limited. However, you need to install and set up the app on your device and learn how to use it (which isn’t too hard!). This is the recommended method for enabling Two-factor authentication for your important accounts.

Good luck out there!

We hope this public service announcement about Two-factor authentication has been helpful. It can sound complicated because it’s new-ish and people don’t want to take the time to set it up. But if you ever get hacked, the pain of fixing your account access, or worse, actually having money stolen, will be so much worse.

Please consider setting up 2FA on your important accounts! (Any account that has your birthday, social security number, credit card information, etc. is a good candidate for enabling 2FA.) Most of the sites you use will be asking you to enable this (or even requiring it) in the months to come. Hopefully this message will help you move forward with 2FA, if you haven’t already, to protect yourself.
