Why You Should Drop Everything and Enable Two-Factor Authentication Immediately
If you haven’t done so already after seeing the title of this article, please stop reading immediately and enable two-factor authentication (2FA) on every system and service you use that allows it. The reality is that no matter how strong your password is — even that 48-character one with uppercase and lowercase letters, numbers and symbols — it’s not strong enough if your desktop or browser is compromised and your credentials are stolen.
While this might have sounded like hyperbole just a few years ago, every system in today’s environment is a target. 2FA is now part of the bare-minimum security we should have in place but too often don’t.
APTs Are Real and 2FA Is Our Best Defense
Imagine that you’ve received an email stating that you and your vendors are currently under attack by cybercriminals looking to steal your login credentials. The communication from one of your threat intelligence feeds warns that there is credible information about both general and targeted attacks against vendors — more specifically, attempts to log in to accounts using stolen credentials. All you have to do is look at the talk of remote access Trojans (RATs) and threats reported by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and other organizations to realize that this is a real threat and not something you have to imagine.