Let’s be honest. Remembering passwords on top of the million other things to do in any given day is a lot. Are your team's passwords fairly similar across multiple online accounts? It’s okay, you are not the only business.
Most people reuse their passwords across many different applications and have only one or two passwords in total. With the increased need for security, however, there are now much better ways to protect your accounts and provide additional layers of security.
Nowadays almost all online services (banks, social media, shopping sites) have added a way to make your accounts more secure.
What is MFA and 2FA?
Maybe you’ve heard of the terms MFA or 2FA and are slightly confused. Let us help you break down what this is and why you need it.
MFA = Multi-factor authentication
2FA = Two-factor authentication
In the old days!
In the old way of doing things you signed in to your online accounts in a process called ‘authentication’. That involved just a basic login and password. For example:
Login = [email protected]
Password = Matt's dog's name or Matt's birthday (something that Matt could remember easily, and something that Matt used across all of his accounts)
Multifactor Authentication (MFA), however, works by adding additional layers of security to your online accounts.
This provides a “second” thing, what we call a second “factor”, to prove who you are.
Yes, the first layer remains your username and password, but now you can add another layer of protection. For example:
An additional password or a PIN (something you know).
A code from an authenticator app on your smartphone, or a secure USB key (something you have).
A fingerprint or facial recognition (something you are).
How does MFA work?
This additional layer of protection helps to ensure that you are who you say you are when logging in to your online account.
So even if someone gets hold of your username and password and tries to log in with your credentials, they will be stopped at the second factor!
You will get an immediate notification on your phone to indicate that someone is trying to log in to your account.
You can then decline the authorisation, locking them out. This also tells you that your password is known to someone else, so you know to change it.
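To make the "stopped at the second factor" point concrete, here is an added example (not GTB's code or any vendor's) of a login check that requires both a password and a six-digit code of the kind an authenticator app on your phone generates (RFC 6238 TOTP). The account record, salt and shared secret are constructed for the demo; a stolen password on its own is rejected.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed account record (not real data): a salted password hash and the
# shared secret that was enrolled into the user's authenticator app.
SALT = b"constructed-salt"
TOTP_SECRET = b"constructed-totp-secret"      # in practice 20 random bytes

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 200_000)

ACCOUNT = {"password_hash": hash_password("MattsDog2019"), "totp_secret": TOTP_SECRET}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code: HMAC-SHA1 over the 30 s time counter,
    dynamically truncated to `digits` decimal digits."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def login(password: str, code: str, now: Optional[int] = None) -> str:
    """Factor 1: the password. Factor 2: the code from the phone. Both must pass."""
    now = int(time.time()) if now is None else now
    if not hmac.compare_digest(hash_password(password), ACCOUNT["password_hash"]):
        return "denied: bad password"
    # Accept the current 30 s step and one either side to tolerate clock drift.
    valid = {totp(ACCOUNT["totp_secret"], now + d) for d in (-30, 0, 30)}
    if code not in valid:
        return "denied: second factor failed"   # the password alone gets nobody in
    return "ok"

if __name__ == "__main__":
    t = 1_700_000_000                            # fixed time so the demo is repeatable
    print(login("MattsDog2019", "000000", t))    # someone who only has the password
    print(login("MattsDog2019", totp(TOTP_SECRET, t), t))   # the real user with their phone
```

A production implementation would also refuse to accept the same code twice within one time step, so that a code seen over someone's shoulder cannot be replayed.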
How do I get MFA?
Many of the apps you already use have an MFA feature that you can turn on yourself. For others, such as your email, MFA may need to be enabled for you.
This may mean talking to us here at GTB so that we can help you turn on your Microsoft 365 MFA feature.
Once it is turned on, you and your team will need to use MFA the next time you access your email, Teams and other applications.
Make sure that everyone is ready for this and knows what to do. It isn’t hard, but as with all changes, it's best to ensure that you have support during the rollout.
What about Passwords?
1. Can I re-use Passwords?
Reusing the same password across multiple accounts is not safe, as it creates an opportunity for credential stuffing attacks. A credential stuffing attack is one where credentials leaked from one site or service are tried on another site or service to see if they work. It would be like using the same key for your car and your house.
For example, if you use the same password on your online bank account and Facebook, an attacker who obtains it can easily breach both of those accounts, even though you may not have reused that password on your email account. The potential harm this practice can cause may be monetary loss, data loss or loss of sensitive personal details.
Here at GTB we recommend that you update your password every three months, unless you have been the victim of a cyber-attack, in which case you should change your password immediately. This ensures that if your credentials are breached, an attacker is not able to immediately use them to breach your other accounts as well.
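Credential stuffing has a recognisable shape in sign-in logs: one source address trying many different usernames in a short burst, rather than one person retrying their own password. The following is an added example (not GTB's tooling or Microsoft 365's) of that detection logic run over a few constructed audit lines; the log format, addresses and usernames are all made up for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in audit lines (not real data): time, result, user, source IP.
# 203.0.113.10 walks through many different usernames within seconds (stuffing pattern);
# 198.51.100.7 is one user retrying their own password, which is normal behaviour.
SAMPLE_LOG = """\
2024-03-01T09:00:01 FAIL user=matt@example.com ip=203.0.113.10
2024-03-01T09:00:02 FAIL user=sarah@example.com ip=203.0.113.10
2024-03-01T09:00:02 FAIL user=li@example.com ip=203.0.113.10
2024-03-01T09:00:03 SUCCESS user=priya@example.com ip=203.0.113.10
2024-03-01T09:00:04 FAIL user=ben@example.com ip=203.0.113.10
2024-03-01T09:05:00 FAIL user=matt@example.com ip=198.51.100.7
2024-03-01T09:05:30 FAIL user=matt@example.com ip=198.51.100.7
2024-03-01T09:06:00 SUCCESS user=matt@example.com ip=198.51.100.7
"""

def parse_line(line):
    ts, result, user_kv, ip_kv = line.split()
    return datetime.fromisoformat(ts), result, user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1]

def load_events(log_text):
    return sorted((parse_line(l) for l in log_text.splitlines() if l.strip()), key=lambda e: e[0])

def detect_credential_stuffing(log_text, window=timedelta(minutes=1), min_users=4):
    """Return {ip: usernames} for source IPs that tried at least `min_users` distinct
    usernames within any `window`, whether or not the individual attempts succeeded."""
    by_ip = defaultdict(list)
    for ts, _result, user, ip in load_events(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1                      # slide the window forward in time
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = users
                break
    return flagged

def likely_compromised(log_text):
    """Accounts that a flagged IP successfully signed in to: the reused-password
    victims who should reset their password (and have MFA turned on) first."""
    flagged = detect_credential_stuffing(log_text)
    return {user for _ts, result, user, ip in load_events(log_text)
            if ip in flagged and result == "SUCCESS"}
```

Note that a single user failing several times from one address is not flagged; the signal is the number of distinct usernames, not the number of failures.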
How strong is my password?
Password strength is a big topic of discussion. You know the drill: you must use lower and uppercase letters, use numbers, use special characters, and make sure it is long. But even after all this effort, your password can still be weak!
You can test your passwords before you use them at these websites. They give you slightly different information about the strength of your password, which should help you to strengthen your password choices:
Note: Your password is not collected or stored at either of these websites. They are well known secure sources of information that you can trust.
Should I use a Password Manager like LastPass?
Yes, it is definitely best practice to use a Password Manager.
Password managers allow you to keep track of your passwords without having to remember them.
The advantages of a password manager are:
A password manager can generate long, complex, unique passwords for you, a different one for each site and service
A password manager reduces the need to remember your passwords
A password manager is good at spotting fake websites (it only fills in credentials on the site they were saved for), so it can alert you to a potential phishing attack
A password manager can generate new passwords whenever you need to update your credentials
A password manager can sync your passwords across all your devices, so you’ll have them with you regardless of which device you are using to log in.
A good quality password manager is a safe, trustworthy and highly recommended security tool. Well-known tools such as LastPass can be relied on to protect your account logins.
Having MFA or 2FA is essential these days, and so is having decent, unique passwords. For practical reasons you need to have a business password solution in place to ensure your team's passwords are secure.
Here at GTB, we can help you to simplify this process and provide you with support to easily and effortlessly apply these tips. If you would like to discuss your specific needs, please feel free to reach out to us here.