What is 2FA and why do I need to enable it?
Written by Jonathan Livneh
Updated over a week ago

One of the simplest and most effective security measures you can take is enabling two-factor authentication (2FA) on all of your accounts. 2FA, sometimes known as multi-factor authentication (MFA), adds a second layer of protection - an additional step - when you log in to your account(s). This can prevent someone else from logging in even if they know your password. In fact, a 2019 Microsoft study concluded that 2FA really works, blocking 99.9% of automated attacks.

To further explain, 2FA requires an additional piece of information on top of your password. You'll usually have a couple of options when it comes to enabling your 2FA method, depending on the account type. Here are the most common:

  1. Verification Code - This will be a one-time code sent to a trusted phone number or email address. You'll be prompted to enter the code exactly as it appears in the message before you can log in. If you select your phone to receive this code, you'll usually have the choice between a text message or voice call to verify your identity.

  2. Third-Party Authentication App - You install an app on your device (for example: Google Authenticator or Duo Mobile), and then when you sign in to your account, you'll receive a push notification to verify it’s really you trying to sign in. In most cases, you'll just have to tap "Yes, it's me" or something similar.

  3. Backup Recovery Codes - If you lose your phone or can't get codes by text, call, or via an authentication app, this might be the best option for you. When you set up this method, you'll request a set of codes which work like a hidden key under your doormat. They are randomly generated and only work once - you'll want to keep them in a safe place in case you ever need them. Typically these are downloaded and saved somewhere secure, or written down at home or work. If you do use them, you can request a new set at any point.
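
For readers curious how a service can make backup codes "randomly generated" and "only work once", here is a small Python sketch. It is an added example, not code from Cyrus or any real provider; the `RecoveryCodes` class, the code format and the use of a plain SHA-256 digest are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: no 0/O or 1/I, so written-down codes are hard to misread.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def _digest(code: str) -> str:
    # Normalise what the user typed (case, spaces, dashes) before hashing.
    cleaned = code.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(cleaned.encode()).hexdigest()


class RecoveryCodes:
    """Hypothetical server-side store for one account's backup codes."""

    def __init__(self) -> None:
        self._unused: set[str] = set()  # digests only, never the plain codes

    def issue(self, count: int = 10, length: int = 10) -> list[str]:
        """Create a fresh set; codes from any earlier set stop working."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(length))
                 for _ in range(count)]
        self._unused = {_digest(c) for c in codes}
        # Shown to the user once, grouped for readability: ABCDE-FGHJK
        return [f"{c[:5]}-{c[5:]}" for c in codes]

    def redeem(self, typed: str) -> bool:
        """Accept a code once; a second attempt with the same code fails."""
        candidate = _digest(typed)
        for stored in list(self._unused):
            if hmac.compare_digest(stored, candidate):
                self._unused.remove(stored)  # burn the code after one use
                return True
        return False


if __name__ == "__main__":
    store = RecoveryCodes()
    codes = store.issue()
    print("first use :", store.redeem(codes[0]))
    print("second use:", store.redeem(codes[0]))
```

Because only digests are kept, the plain codes exist solely in the copy the user saved, which is why the storage advice above matters.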

In many cases you might think that your password is strong enough on its own, and the last thing you want is an extra step to get in. But even if you do have a very complex password, there are still many ways hackers can figure it out. Here are a few just for reference:

  • Data Breaches - Unfortunately, breaches of large organizations are quite common nowadays, and if you have an account set up with a company that has been breached, your personal information can end up exposed. Hackers can easily purchase usernames and passwords in bulk on the dark web, and if you've ever reused your password, this could mean multiple hacked accounts in one day.

  • Phishing - This is quite common, and the reason you probably receive so many scam emails and text messages throughout the year. Phishing attempts are when hackers impersonate a business or trusted contact in order to trick you into revealing your personal information. If you respond, your information goes straight to the hacker instead of the intended contact. Research conducted by Cisco, a telecommunication and software company, estimated phishing actually accounts for around 90% of data breaches.

  • Spyware - Less common, but definitely still a threat, this is when a hacker has secretly installed malware on your device. The hacker then has the ability to record everything you do on your device, including typing in your usernames and passwords.

All that said, even if your password ends up in a hacker's hands, 2FA can be an important measure to prevent them from accessing your account(s). Of course, just enabling 2FA is not going to be a 100% foolproof way of making sure your accounts are never hacked. However, most hackers will not target a specific person, but rather a group of individuals with weaker account security. So if your account is going to be difficult to crack, they'll likely move on to the next.

If you're worried that your information has already been exposed, you can download Cyrus and activate our Online Account Protection feature. When you do so, we'll continuously monitor your primary online account(s) for data breaches: past, present and future. If your password changes, a new device or suspicious login is detected, or if any of your other security settings change, you'll be the first to know.
