Your Guide to Not Caring About Stolen Passwords: Phone Authentication
Use passkeys if you can!
Why would we make logging into websites (slightly) more complicated?
Because keeping the bad guys out is a serious business, and we want to keep your information safe and sound.
Let's talk about passwords for a second. Do you use the same or similar passwords everywhere? That's like using the same key for your house, car, and secret vault. If someone gets hold of that key, they have access to everything. No good!
Now imagine you work at a company that pays you money (hopefully), and I'm a hacker who wants some of that money.
Lets say I discover you where you work on LinkedIn or maybe you talk about it on Facebook, Instagram, or Whatever Social Media App The Kids Use Nowadays. Now I can likely figure out your email address for the next step.
So, I try to break into your email, your work accounts, your VPN, using simple passwords like "Summer2023" or "Grizzlies!" or "Mary15." Why? Because people often use common patterns and reuse passwords like crazy. It's usually a goldmine.
And guessing isn’t even necessary - so many sites get hacked every day. Even LinkedIn got hacked a while back! They had a relatively simple website bug, and now your email and password you used at the time are floating around the dark web, along with 100 million other people’s. Not cool, LinkedIn. Not cool.
As a hacker, I dive into those leaked passwords, and guess what? I can probably find yours! It's like finding a Benjamin on the street, except I can use it to steal your information or wreak havoc on your work life. Cha-ching!
Maybe I inject myself into an email thread and tell your bookkeeper or accounts receivable department to update your direct deposit info to my bank account, or wire a payment overseas, or maybe I steal all your files off your servers. It’ll usually end up being a bad day.
So, how do we avoid this messy situation? Enter the feature called Multi-Factor Authentication (MFA)! Sometimes called Two Step Verification, 2SV or 2FA. It’s just a name and it’s simpler than it sounds.
You log into your email account as normal, and if it's from a new computer the website doesn't recognize, a text code shows up on your phone. It's an extra check to confirm it's really you. No code, no entry. Simple as that! If you've already entered the code on your computer, no need for the code.
You set up MFA with a few clicks: either the website texts you a code or you use a basic app like Google or Microsoft or Duo Authenticator. You scan a QR code, and boom, your phone becomes a key to your accounts.
We wrote a basic guide with a few more details you can find here: https://www.linkedin.com/feed/update/urn:li:activity:7086721250269532160
Now, even if I have your password like the one I stole from the LinkedIn breach, I'm still locked out of the house. Without that code from your phone, I can't break into your stuff.
Remember, use different passwords for important sites. You wouldn't use the same key for your house and your secret candy stash, right? Right!
To make life easier, you can also use a password manager. It's like having a personal assistant for your passwords. It's free, you only have to remember one password, and it keeps you sane.
So, my friend, start using MFA today. Check out your account settings and keep those online villains at bay, protect your information, and sleep soundly knowing you've got an extra layer of security standing guard. Stay safe, stay smart!