"HELP! Someone has hacked Jim’s email and just tried to place a $15,000 order at Verizon." - Actual Customer, December 10th, 2019
As the owner of an IT company that specializes in security and managed IT services, I hate getting emails like this, primarily because they are 99.99% avoidable.
Managed IT service providers have known it for a long time: all of their customers need to be on multifactor (MFA, sometimes called two-factor) authentication. To this customer’s credit, they were already in the process of implementing MFA, but Jim hadn’t been set up yet.
Research from both Google and Microsoft shows that MFA stops over 99% of password-based hacks. Our standard operating procedure is to recommend it to all of our customers. It is so important that, beginning in 2020, we will require our managed customers to opt out of it if they don’t want it.
MFA is simply adding another layer of security to your account. In its simplest and most effective form, you get a push notification on your phone requesting that you approve a login. Other forms may email or text you a code that you have to put into a website.
How do I do it?
- Office 365: Microsoft’s article on enabling multifactor for Office 365 users is here.
- G Suite: Google’s article on enabling multifactor authentication for Gmail users is here. Google actually goes a step further than Microsoft and allows you to use a physical USB device to log into your account (we use YubiKeys everywhere we can internally).
- Other services: Hackers start with your email but they don’t stop there. See an enormous list of sites that allow you to use two-factor authentication.