Using 2FA

Online fraud and cyberattacks are on a massive upswing, with Britain’s National Cyber Security Centre (NCSC) reporting that a staggering 80% of fraud is now "cyber-enabled." In Australia, the cyber threat landscape is also rapidly evolving. Australia recorded 47 million data breaches last year, making it the 11th most affected country globally, with, on average, one Australian account compromised every second last year. The Australian Cyber Security Centre (ACSC) reported over 87,400 cybercrime reports in FY2023-24, equivalent to one report every six minutes. The average self-reported cost of cybercrime per report for individuals in Australia has also risen to approximately $30,700, a 17% increase from the previous year.

The first line of defense for your email, social media, and other online accounts is often woefully inadequate as we are generally not implementing good password hygiene. Make them long and strong… and… if there’s a MFA option, use it!

Two-factor authentication adds an extra layer of security beyond just your password. When you log in, in addition to entering your password, you'll need to provide a second piece of verification, such as a code sent to your phone via text message. This dramatically increases security, as even if a criminal manages to guess or steal your password, they still can't access your account without that second factor.

2FA works by providing a critical second layer of security before someone can access an account. This can be done through an authenticator app, SMS message, hardware security key or biometric verification (using facial scans, eye scans or fingerprints). These verification factors are often time-sensitive, ensuring they cannot be reused. By reducing reliance on passwords alone, 2FA effectively protects against phishing and other common cyber threats, making it a simple yet powerful tool for enhancing online security.

How to Set Up 2FA Securely

Most online platforms, including email and social media, offer the option to set up 2FA. Look for it in your account's "Settings," "Security," or "Privacy" sections. You can typically choose between receiving codes via email, SMS, or using a dedicated authenticator app. Pick an option that is easily accessible for you.

When you attempt to log in, you'll either receive a text or email with a 2FA code, or an alert from your authenticator app requiring you to enter a code. This crucial step locks out attackers, even if they have access to your email, and significantly deters automated or mass attacks.

Can You Still Be Hacked with 2FA?

While 2FA makes it significantly harder for cybercriminals to breach your accounts, it's not entirely foolproof. Not all 2FA methods offer the same level of security.

Text message codes, for instance, are considered less secure than other methods because criminals can sometimes intercept these codes or even trick phone network employees into creating a SIM card with your number. "While 2FA offers an important layer of protection against credential theft and breaches, not all 2FA methods are equally secure – SMS-based codes can be intercepted by bad actors, so authentication apps offer stronger protection,"

Using two-factor authentication makes it more difficult for hackers to get into your account.

It’s still worth ensuring that all passwords are strong, secure and unique – particularly for your email account, as criminals can use this to reset other passwords. Use a password manager app to store passwords, making it easier to use unique passwords for each account.

And even if you use 2FA, stay alert, "2FA alerts on a smartphone can serve as a critical warning sign that your account’s credentials have been compromised, providing an opportunity to update your password before the account is breached."

Ep336

Image created by AI