Last week we offered one essential piece of advice from our security team: use hardware security keys to protect yourself online everywhere you can.
This week, as we continue to highlight Cybersecurity Awareness Month, we’re taking a step back to review why it’s more important than ever to ensure that your online accounts have two-factor authentication enabled, and how to set up the This second level of security on your online accounts can help keep you safe in a digital world.
More Consumer Accounts Lead to Increased Risk
As the global workforce increasingly relies on the Internet, especially during the COVID-19 crisis, we have seen people open more accounts online. More accounts means more potential for your username and password to be compromised.
The average user has more than 100 accounts linked to one email address, and each should have a unique password. Without a password manager, many people are likely to reuse passwords across various accounts or use weak, easy-to-remember passwords.
Nowadays attackers tend to be computer programs that are fast and effective at guessing weak passwords and at convincing unwitting users to hand over their credentials, typically through fraudulent emails. Known as phishing attacks, these fraudulent emails are among the most common threat vectors on the web.
Verizon’s RISK team noted in their annual Data Breach Investigations Report that since at least 2017, more than 80% of data breaches have leveraged stolen or weak credentials. This data point may make it sound like consumers are mainly responsible for these breaches, but credentials can be stolen from vulnerable websites without you even knowing it.
Second Factors for Increased Security of Accounts
Our current system of using passwords is inherently flawed. Your password is a secret that only you are supposed to know, but the minute it is at risk, you have little recourse until you learn of the breach. One way to protect your accounts is to use some form of second factor, which acts as a second layer of security for your accounts.
If passwords are something you know, then a second factor (2FA) is something you have. The actual thing you have for a second factor may vary:
- it could be a mobile phone, which can receive one-time passcodes once you enter a password
- it could be a security token, which either displays a one-time code or plugs directly into your computer, authenticating you to a website when you touch it
- it may not even be a thing, such as an email account where you can receive codes or direct links to access a website
These second factors provide an additional layer of authentication, which requires you to access and use a device or program to provide an additional credential that you would not know on your own.
However, not all 2FA methods are created equal. Tune in next week, when we will dive deep into the different types of 2FA and how they stack up against each other.
In the meantime, we have partnered with hardware security key maker Yubico to promote staying safe online. Use promo code YK20E-GEMINI20 to get $20 off any two YubiKey Series 5 keys at checkout on the Yubico website. The promotion ends November 30, 2020, 11:59 pm Pacific. You can learn more about hardware security keys here.
As we continue to focus on Gemini customer safety, we wish you all a safe Cybersecurity Awareness Month!
Onwards and upwards!