Let us start with a reality check – passwords get hacked and stolen all the time, this is a fact!
Passwords are compromised when they are “hacked” by professional hackers, or exposed through careless user behavior, and even discovered by “password guessing”, which uses information readily available in social media and other sources, things like birthdays, names of children and relatives, pets, school names and so on.
Even if you are a careful and responsible user, choosing only secure and smart passwords, you can be under threat from a penetration from the server side, which is totally outside you control.
You need a password anyway – so choose it wisely:
- Create a password which is not connected to yourself in any direct way. For example, you can always choose something suitable for the moment, or chose an object that is right in front of you
- Create a smart password that includes letters, numbers and at least one complex symbol
- Create different passwords for different sensitive accounts, for example – different and non-connected passwords for your bank, Facebook or eBay accounts, so that if one of the password is compromised, other accounts still remain protected.
- You should be especially careful when working with systems that can cause significant financial damage, like banks, PayPal, etc
How can you protect yourself ?
You cannot depend just on your password, you also should use an additional authentication method:
Two-Form Authentication is based on the principle of using two verification stages in order to access the system:
- Additional verification key, such as text message or a mobile app
Accessing a secure system must necessitate verification by both methods simultaneously, so that even if the password is lost or stolen, and comes into possession of an unauthorized persons, it will not be possible to access the system without the additional verification.
The Way It Works:
It can be seen using the example of Gmail: if you have a enabled a two-form verification function for your Gmail account, you will be required to type in your password, and straight after that to input a code that will be sent to your mobile phone by text message.
Why It Works:
Two-Form Authentication raises the level of verification for your personal identity and makes it much harder for a stranger to hack your account
In most cases, two-form authentication is based on using your mobile phone, utilizing text messages or dedicated applications.
- Mobile phones and the text messaging tools are usually the more secure of most personal computer systems. They are very difficult for most hackers to be able to penetrate them, most of them just do not have the tools for that
- Your mobile phone, together with its text messaging ability, is usually in your direct and personal possession, ensuring that an additional verification code will be delivered to you personally, checking your identity in order to be sure that you are the person trying to access the account
This way a two-form authentication system ensures that you are the person typing in the password, and not a wrongdoer.
Two-Form Authentication – two barriers for the hacker:
Two-form authentication forces the hacker to try and penetrate two defence barriers simultaneously. This makes the penetration process extremely difficult, and in most cases this will be enough to deter the wrongdoer from even trying.
Activating it – for a private user:
These days, most popular websites and applications, such as Gmail, Facebook and Dropbox, are equipped with integral built-in two-form authentication capability, you just need to activate it.
Below you can find the activation links:
Activating it – for a business user:
These days a business user cannot have any excuses for not securing his system, as the two-form authentication can be integrated in almost any business or office system.
Now it is possible to implement two-form authentication even for SSO (Single Sign On) systems, and obtain the management and security capabilities of Active Directory environment together with the protection given by two-form authentication.
Here is the list of business services that have the capability for integrating two-form authentication:
- Active Directory (for accessing the operating system)
- Terminal Server
- Outlook Web Access
- ERP systems
- CRM systems
- All the AZURE/365 products, provided by Microsoft, have the capability for integrated two-form authentication solution
- FORTINET offers integrated two-form authentication in most of its products, through the easy and effective use of their cloud network, which serves as a verifying tool, without a need to integrate a RADIUS server
Below you can see our demo clip for Secure Envoy application that enables 2FA in the full AD environment, describing access to a computer, terminal server and OWA