By Laura Haight
Sometimes, it is the easiest things that make the biggest difference. They're often overlooked, too obvious or too simplistic to be really good, right? Not always.
Millions of dollars are spent annually on hardware and software to prevent data breaches, hacking, malware and other system exploits. I've heard plenty of people scoff at the simple idea of passwords. 'Don't just tell us we need strong passwords,' they say. 'Give us BETTER advice.'
Last week, Facebook's Chief Security Officer Alex Stamos urged everyone to accept the fact that they are a powerful force in protecting themselves and their companies from data incursions. And all they have to do is create strong passwords, use a password manager to remember them and use two-factor authentication.
Hackers hack what they can and see where it takes them. Since the vast majority of users continue to use weak passwords unless forced into strong passwords by enforced policies on their email servers, there are lots of ways into companies. So you are just a mid-level employee with nothing of interest? Not true, hackers will use you to springboard to someone else until they get to higher-value targets.
If we do what we CAN do, we will shut down a lot of the avenues hackers take.
Two-factor authentication is particularly important. That's adding a second layer of security to your login. Usually it's something like Google Authenticator. You download an app to your phone and when you log in to a website or service (let's use Dropbox as an example), a code is sent to your phone. You enter that code into the site and you gain access. If someone has managed to guess or steal your password, it's highly unlikely they also have your phone.
DropBox has announced support for a new highly secure standard which uses a physical key in a USB drive to unlock your account - along with a strong password. It's an even higher level of security for larger businesses using Enterprise versions of the service.
But the service supports a two-factor authentication system using a variety of methods from basic text sent to your phone, to several different authentication apps including Google Authenticator. Whichever platform or app floats your boat, two-step authentication is a significant layer of protection.
We are all vulnerable. But we are not all helpless and sometimes it's the overlooked basics that can make the biggest difference.