It’s Cyber Security Awareness Month and this week we’re talking about protecting your password using two-factor authentication.
According to a Verizon report, 81% of data breaches are due to compromised passwords. You can have the strictest password policy, one that stipulates complex passwords and mandatory password changes, but if people are falling for phishing attacks, reusing passwords across multiple platforms, and just not safeguarding their passwords, then there is still a risk.
To protect your password:
- know how to spot a phishing attempt
- create a complex password
- don’t reuse your password (use a password manager to help keep track)
- enable two-factor authentication on sites that offer it
Two-factor authentication is an IT security solution that uses two factors to verify identity. These factors include something you know (for example, your password) and something you have (like a phone). So if someone gets your password, they will not be able to use it without also having access to your phone.
If your password is compromised and someone attempts to use it, you will receive a notification of the attempt. You simply decline access and then change your password.
Two-factor authentication is becoming the standard in cyber security. Ryerson and Waterloo have implemented it, and a number of American colleges and universities have deployed it not only to staff and faculty but to students as well. We recently conducted a two-factor authentication pilot with 156 pilot participants and 7 services enabled and are now planning to roll the solution out to all Finance and Admin.
In addition, many sites offer two-factor as an option. Below are links to instructions on how to enable two-factor authentication on popular sites:
For a full list of websites that offer two-factor authentication, please visit https://twofactorauth.org/