Many of you lock the house and/or the car and also have an alarm system for double safety. Two-factor authentication works in a similar way in the cyberspace domain. You have a password to secure your account and a second form of authenticating your identity in order to unlock it completely. This is usually a 6-digit code sent to your phone via SMS, or sent to a secondary email account of your choice.
Why is this a must have today?
Because many passwords are stolen these days, and a stolen password for an account that is protected by two-factor authentication (2FA) is useless on its own.
A stolen password from an account that you do not care much about has the same value for national security purposes as the stolen password of a bank account (something you really care about – assuming it is loaded. LOL). When a stolen password can be used to access an email account, that email will be used to spread malware into the computers of all of your contacts. You will be surprised how often I get a call from a savvy and educated individual who tells me “Ceci, you will not believe what I did! I got an email saying it was from my friend and wanted to show me a pic, and when I clicked on the link my computer went nuts!”
Who offers 2FA?
Today, most platforms offer two-factor authentication and it is not difficult to set up, with the exception of a few services that have made this more difficult than it should be. One of them is eBay, and I will walk you through setting up your 2FA there as well.
You can visit this website to find out if the service you have or want to register for offers 2FA: https://twofactorauth.org/
When Apple released iOS 9, it included a simple 6-digit passcode (which I hope you now have on your phone) and 2FA built into the operating system. With the 6-digit passcode, the possible combinations were raised from 10,000 to 1 million. This means that an iPhone or iPad is now much tougher to crack.
How to set it up?
Below, I offer an explanation on how to set up the Google 2FA, and eBay/PayPal 2FA. If you need further assistance with the other accounts that offer 2FA, you can always reach out to Meta via email for a cyber consultation.
In Google, log into your account and go to the far upper right corner, where you will see either your photo or your initials. Click on that big circle and select “My Account.” A new window opens with the label “Sign-in & Security.” Click on that, and you will see a new page with the title “Signing in to Google.” To the right of that you will see “Password & Sign-in Method,” and 2-Step Verification. Click on that and follow the instructions on the screen.
Then, go back to the Signing in to Google page, and you will see, right below the 2-Step Verification label, another label titled App Password. This is in place because once you set the 2FA in a Google account, you might not be able to use your regular password to check your email from a smartphone or an email platform. Although Google has been changing this to make the 2FA process really easy, there are still some accounts that will require you to enter this special one-time code that Google generates for you.
Thus, if after setting the 2FA you do not see email coming into your device, go to the Signing in to Google page, and select App Passwords. A new page pops up where you see, at the very end, two pull-down menus with the words “Select App” and “Select Device” and the button “Generate.” Under Select App, indicate which app you are trying to sign in to and for which you need a special code. If it is not listed there, select “Other” and type the name of the app. Then, select the device and click Generate. That long key that Google generates is what you need to enter now as your password, and you only need to enter it once. The device will remember it for you. This is why it is so important that you lock your device when it is not in use, and that you use a 6-digit combination to lock it.
Since eBay owned PayPal until 2014, you have to set the 2FA in PayPal in order to protect your eBay account as well. If you try to set this up from the eBay account itself, you will go nowhere.
Thus, you will need to log into your PayPal account. Under “My Account,” click “Profile” and select “My settings.” The fourth line is the Security Key, and to the right of it you will find the option “Update.” Click on Update, and the “Register your mobile phone” screen will pop up. Follow the instructions on the screen. From then on, every time you log into your PayPal account you will need to enter the 6-digit number sent to your phone via text message.
LinkedIn, Twitter, Facebook, Instagram… they all offer 2FA and the set-up is pretty easy.
When is the 2FA a problem?
For those of you who work in facilities that do not allow smartphones inside, you will have to set the 2FA to go as an email to a secondary account because you will not have access to your phone when you try to log in to your personal email or social media account.
If your phone gets hijacked or lost or simply broken, you will not be able to access it to check the 2FA code that you will need to log in to your accounts. This will be a pain in the rear end. Nevertheless, you log into your accounts at a higher frequency than you break or lose phones. Google offers recovery tokens for cases like this. You might want to print a few to have them handy in case your phone is not accessible.
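The two-step check described at the top of this post (password first, then a 6-digit texted code) and the print-ahead recovery codes mentioned above, sketched as an added Python example; it is not code from Google, PayPal or any service named here. The class and function names, the 5-minute code lifetime and the 5-guess limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300     # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed per login (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, n_recovery=3):
        self.salt = secrets.token_bytes(16)
        self.pw = _pw_hash(password, self.salt)
        # Printable recovery codes for a lost or broken phone; each works once.
        self.recovery = {f"{secrets.randbelow(10**8):08d}" for _ in range(n_recovery)}
        self.challenge = None  # [code, expiry time, attempts left]

    def start_login(self, password, now=None):
        """Factor 1: check the password, then return the code to text out."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(_pw_hash(password, self.salt), self.pw):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # 1 of 1,000,000 values
        self.challenge = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def finish_login(self, submitted, now=None):
        """Factor 2: accept the texted code or an unused recovery code."""
        now = time.time() if now is None else now
        if self.challenge is None or now > self.challenge[1]:
            self.challenge = None  # no pending login, or the code expired
            return False
        if hmac.compare_digest(submitted.encode(), self.challenge[0].encode()):
            self.challenge = None  # single use: a replayed code fails
            return True
        if submitted in self.recovery:
            self.recovery.discard(submitted)  # burn the recovery code
            self.challenge = None
            return True
        self.challenge[2] -= 1
        if self.challenge[2] <= 0:
            self.challenge = None  # too many wrong guesses: start over
        return False

if __name__ == "__main__":
    acct = Account("hunter2-constructed")  # constructed sample password
    print("password only:", acct.finish_login("123456"))  # no challenge yet
    sms = acct.start_login("hunter2-constructed")
    print("password + code:", acct.finish_login(sms))
```

The guess limit and expiry are what make a 6-digit code workable as a second factor: without them, one million possibilities could simply be tried in turn.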
In the cyberspace domain, ALL accounts and devices are equally important because they all can be used as a stepping-stone to commit a crime. The United States of America is in the midst of economic cyber warfare, and it is your responsibility to ensure that your electronic accounts and devices will not be used to cause damage to our nation. According to Ponemon Institute of Cybercrime, in 2015, hacking incidents cost $15.4 million to the average American firm.
Because the events that occur in the cyberspace domain are not something you feel in your skin, like in the physical domain where someone who wants to rob you puts a knife in your ribs and you feel the pain and the extreme fear of losing your life, it is often very difficult to bring a sense of individual responsibility to stop cybercrime.
Thus, I offer this analogy using the physical domain to help you see the importance of the statements written above. You live in a cosmopolitan area where there is heavy pedestrian traffic, and you choose to leave doors unlocked and windows open. Every day, your house gets burglarized. You call the police. The officers visit your home, take a report, and advise you to lock windows and doors, but you argue that you want fresh air. This goes on weekly, monthly… you are wasting the city's financial resources by having police officers visit your home and write a report, etc., etc., when you could solve the problem yourself by putting in a motion sensor alarm, iron bars on your windows, and maybe a Meridus K9 trained dog! :-)
Do you see the parallel?
Thank you for reading. This is all for this blog, folks!
Meta Intelligence brings cyber risk management courses to your organization. Contact us for details.