Why the two-factor authentication?

Why the two-factor authentication?

By Carla and Tom

Photo from Paweł Czerwiński on Unsplash

Have you ever wondered why online banking has so many OTPs? It’s because cyber security is a big deal, that’s why you hear it on the news more and more. And while you might think that hackers aren’t as interested in your shopping habits as state secrets, you’d be wrong. Whether you are a global superpower or an undercover cat blogger, your data is valuable. Let me explain why “password123” won’t cut the mustard and how two-factor authentication is a must have.

As a digital agency that manages several websites and social media accounts for clients, security is a top priority for us and we take it very seriously. According to Verizon’s 2019 Data Breach Investigations Report, over 70% of employees reuse passwords at work, but perhaps the most important stat from the report is that “81% of hacking-related breaches leveraged either stolen or weak passwords”.

With these findings in mind, there is one key security function that we are making standard for all our clients’ websites: two-factor authentication, or 2FA for short. By using two factor authentication, your identity is verified using to two separate verification methods. It’s nothing new either, it has been available for a while. It works by requiring 1. a password, and 2. a secondary time-sensitive code in order to login. This is an important layer of protection for your website.

We build almost all of our websites on WordPress and so does a third of the web, with over 30% of sites developed on the platform. Wordfence is the most popular security plugin for WordPress and its 2FA just recently became available to sites running their free version as well.

Keeping your website secure is only half the work though, because your email account is probably the most important. We’ve all lost a password and gone through the steps to reset, but those codes land in your inbox, so it’s best to lock that down too. Google Authenticator is an app that generates security codes on your phone, providing extra security for your Google Account. So in addition to your password, you’ll also need a code generated by the app on your device. Wordfence also uses authenticator apps, such as Google Authenticator, to generate unique codes for you rather than relying on text messages.

Besides 2FA, there are some other basic best practices for cyber security that you can share with your friends and family:

  1. Update your login passwords regularly and be sure to vary them.
  2. Don’t leave yourself logged into websites on several devices.
  3. Always log out of websites when you leave them.

If you are feeling a bit spooked about your online security, then that’s good. It’s something which is so often overlooked, but very important in this day and age. If the headlines teach us anything, it’s that hacks are on the rise. Whether you start making use of 2FA or some of our top tips, every little bit helps. If you still aren’t sure, don’t be afraid to ask for help either.