Because of the Heartbleed vulnerability that rocked the online world last week, security should be top of mind for anyone who uses a computer. But changing your passwords for ALL online portals — the extent of the Heartbleed bug isn’t entirely known yet, and any password used on numerous sites could have been compromised — shouldn’t be the only critical action you undertake.
Why? Even the strongest passwords are vulnerable to the complicated algorithms employed by hackers that can deduce login information via brute force attacks. And over the past 12 months, many high-profile sites, including Evernote, LivingSocial, and Drupal, have had encrypted passwords stolen. In the wake of the Heartbleed vulnerability, Inc. even announced that “the password is dead.”
So what can do to enhance your online security? Many sites now utilize two-factor authentication, which is basically a two-tiered login system: enter a password and then confirm your identity via a code or token delivered by text message or phone or a biometric criteria like a fingerprint or recognition tool.
If it sounds like science fiction, well, that’s because it is. But with cyberattacks growing increasingly common and increasingly complicated, the idea carries weight — especially with those worried that their bank account, Social Security, or other personal information has been hacked.
How does two-factor authentication work?
1. First, you need a strong, secure, unique password — one that you’ve changed in the last week since the Heartbleed vulnerability went public. It doesn’t cost anything (nor do the bevy of password management tools available to corral them) and is still the basis of all online security.
2. Second, on any site that utilizes two-factor authentication, ACTIVATE IT! Plenty of choices exist for the type of second factor to set up. Your smartphone is the most ubiquitous and easiest to use option. Google, PayPal, and many banking institutions employ codes sent to you via text message or voicemail that you then enter to confirm your identity. Somewhere without cell service? Google’s Authenticator app can automatically generate a code in such an instance. Like your technology a little more cutting edge? The LaunchKey app will let you to simply swipe your phone to show you have the required code.
Other more advanced second factors include the iPhone 5S’ fingerprint scanner; facial and voice recognition software; USB devices that, when plugged in, enter a virtual password; tokens with LED screens that can create a unique code; backup options like landline phone confirmations or designated backup passwords created upon first initiating an account; and even bracelets that monitor your pulse before signing you in to accounts.
Even with two-factor authentication formats that worthy of science fiction, security concerns can still pop up. Smartphones are stolen all the time, and Apple’s new iPhone fingerprint reader has been hacked. Even facial and voice recognition technology can be fooled. In short, no form of authentication is 100% secure — which is why using two is so crucial, especially in light of last week’s Heartbleed vulnerability.
Unsure how to address potentially compromised information? Overwhelmed by the idea of changing all of your passwords? We take online issues like Heartbleed very seriously, and we’re committed to improving productivity and enhancing efficiency so that you can achieve your business goals. If you want to make technology work for your business, not against it, contact us today.