Game of two (login) halves

While the government of the day has recently pushed cyber-security to the fore, it’s nothing new and is likely more ‘politics’ than ‘large-scale attack’. The motivations for anything politicians do rarely prioritise the community above self-interest.

All the same, in the wake of this scare campaign, it is a good time to have a think about your own cyber-security. To quote the PM:

I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Does this affect you? Probably not directly. If your medical records are inaccessible, if your tax office dealings are blocked, your bill payments fail, your internet service is offline, you can’t pay for groceries at the supermarket – it’s going to be inconvenient to say the least. But there’s not much you can do about it all.

However, your personal cyber-security is still important. Really important. There is only a small chance that you’re going to be “hacked” (broken into). It’s much more about Identity Theft.

If I have enough information and in particular access to your email account, I can pretty much ‘be’ you. I can take out loans, I can buy expensive items, I can cash in your superannuation, I can retrieve passwords and logins to your online accounts.

You MUST protect your email account. Nobody cares who you write to or what you write about – it’s being able to use your email account to pretend to be you that matters. Your email account is often a weak link in the chain.

Can you make it the strongest link? Absolutely. A good password is a great start, of course (no “123456” here!) but there’s a huge improvement that is quite easy to make. It’s called “Two factor authentication” or 2FA for short.

2FA is about adding a third element to your login:

  • who you are (eg. email address or UserID)
  • something you know (eg. password)
  • something you have (a gadget)

Our local Winchelsea & Anglesea Community Bendigo Bank introduced 2FA for their bank accounts years ago. They issue a small device with a button and a display; each time the button is pressed it shows a 6-digit number. When logging in to do internet banking, I must enter my UserID, my banking password and a 6-digit number. Nobody can get in unless they have that device.

The same thing can be done with email accounts. Instead of a device, though, you use your smartphone with an app to generate the number. So likewise, nobody can log in to my email account unless they know my email address, my email password AND get a number off my phone.

Note that the numbers generated change every few seconds. It is almost impossible to guess or predict the number, because the numbers are generated using some clever randomising maths.

This means anyone trying to break into my bank or email accounts will fail EVEN IF they know my password and UserID somehow.

Have a think about the online logins that you use which would cause you pain if someone knew your password. Especially your email. Find out if you can enable 2FA, and work through the procedure to make it happen. It is so worth it.