October is about all things pumpkin and spooky, but unfortunately, not all ghouls and goblins will settle for candy. There are thieves looking to steal your money and identity, and many are doing so through your online accounts.
Every two seconds, someone is a victim of identity fraud. That’s why the Better Business Bureau is teaming up with the White House, the National Cyber Security Alliance and dozens of public and private sector organizations to call on consumers and businesses to “Lock Down Your Login.” The campaign coincides with National Cyber Security Month and focuses on steps anyone can take to make their online accounts safer.
According to NCSA, 72 percent of Americans believe their accounts are secure with only user names and passwords. As hackers get more resourceful and data breaches continue, user names and passwords are no longer a sufficient solution to secure accounts. Millions of Americans have had their online accounts hacked and personal information compromised because of stolen credentials or weak logins.
Many websites and online services offer strong authentication, but most users don’t know they exist or haven’t enabled it. The NCSA reports 61 percent of Americans have never enabled two-factor authentication, or 2FA. This tool is a focus of the “Lock Down Your Login” campaign.
Bill Fanelli, chief security officer with the Council of Better Business Bureaus, explains two-factor authentication: “2FA means using any two of something you know (such as a password or PIN; plus something you have (a phone, a USB security key), or something you are (fingerprint, facial recognition). To add two-factor authentication to your phone, you can use a fingerprint (something you are) and a PIN (something you know). To access your email, you can put in a password (something you know) and receive a text message with a code to enter (this proves you have your phone).”
Often times, users can opt-in to 2FA for anytime they log in, or they can choose to enable 2FA for the first time they log in to an account from a new device. Many websites will notify you by email or text if someone logs on from a different device.
Check your accounts, especially email, banking, and any that store sensitive personal or financial information, and see if you can enable additional authentication. It’s a small first step to making your online life a little bit safer, so the only thing you are freely giving away this month is candy.