“2FA ALL THE THINGS!”
With the frequency of social media, financial, and corporate hacks increasing, and the hacking of passwords being made easier every day (through phishing, GPU crunching, dictionary attacks with letter/symbol/number substitution), it’s critical now to have two-factor authentication (2FA) or multi-factor authentication (MFA).
The latest hack of Okta reminded me that even sites we believe are safe and we trust can be hacked, so if our personal or corporate emails and the associated passwords are compromised, we still need to use 2FA so that would-be hackers need your second device or method in order to access your account (for identity or financial theft).
There are still a few sites I use that don’t support 2FA. I’m going to start trying to enforce 2FA on ALL of my accounts and on EVERY site I use. If it doesn’t support 2FA, then I don’t trust them.
Good advice. Especially now with impending or current hacks from Russia expected.
We’re already seeing the attacks from .RU across our infrastructure, financial, and corporate sites. Our internal SecOps channels have been lighting up this morning as our management team, security engineers, and developers are all discussing what we’re seeing and how to mitigate issues. I wouldn’t be surprised if we see more internet-wide issues if AWS, GCP, Heroku, Rackspace, Azure, and other hosting providers are targeted.
Email and Password are not enough. Two Factor Authentication is imperative, preferrably with Time-based One Time Passwords (TOTP) that require a real-time authentication and awareness by the account holder.