Security for Micros – PS
Last post I talked about 4 items for rational security, but I forgot one. The problem is that nerds have named it. It is called Multi Factor Authentication (MFA). What does that even mean? It means having two or more layers of passwords. Like an old GMC truck; they used to have a key to get inside the cab, and a different key to start it.
Given that our identity and way of earning a living is dependent on keeping certain data safe, security is essential. Multi Factor Authentication is the pinnacle of blocking the bad guys and our own innate trust that other people wouldn’t-do-that-because-I-wouldn’t. In most cases, it is easier for the bad guy to trick us into giving them our password than for them to use expensive computation resources to hack it with billions of attempts.
Background
Multi Factor authentication is described as something-you-know and something-you-have. Its precursor was knowing more than one thing, like the three lame security questions for your web-banking. What-you-know are your username and password, and what-you-have is your cell phone – there’s an app for that. Now, even if you accidentally share your super-secret password when your long-lost buddy posts the most hilarious joke, which happens to need your Office 365 username and password, well MFA has your back.
How It Works
First, you need to set this up for the technology resource in question. Many cloud-based services have this option; Office 365, Google, LinkedIn, some banks (all banking should enforce this, but they don’t), and many others including all your socials.
The second part is normal, you enter your username and password on the technology resource you are using that has sensitive information.
When you enter the correct credentials, you will be prompted to approve the login on your cell phone, or you’ll be prompted for a time sensitive code. The time sensitive code could be emailed or texted to you or self-generating on an app on your phone. After you approve the login or enter the code, you are granted access.
This is a wise practice for any business or individual. If you need help implementing this strategy, call me.