So first up - this isn't really related to web development or digital marketing. We'll call it a Public Service Announcement.
A Nightmare Scenario
Over the past few weeks, we've had a number of clients get in touch with us to get assistance and advice with accounts that they believe have been accessed by someone else. This has included email accounts, Facebook business profiles, and even bank accounts.
Unfortunately, these aren't accounts or platforms that we generally manage or set up for businesses, so we were limited in what we could do beyond providing advice or referring them to their bank or IT providers.
There was one common thread between each of these situations - none of the accounts or platforms in question had Two-Factor Authentication (2FA) or multi-factor authentication (MFA) set up.
Multi-Factor and Two-Factor Authentication
In the past, most of us secured our online platforms with just a password. Over time, though, the risk of others accessing these accounts has grown. These days, most internet platforms give their customers and users the option to set up Two-Factor Authentication (2FA), and many make it a requirement.
The type of MFA that most of us are used to now is the One-Time Password (OTP) sent via SMS to our mobile phones. Many of us use these for sending money, ordering food online, or logging into email and social media accounts.
Another common type of MFA is the use of authenticator apps. Here at Rhythm, we use these for access to our web development platforms, internet banking, and Xero. Google Authenticator is a popular authenticator app.
SMS OTPs aren't completely safe from bad actors (SIM swap scams can be used to compromise these systems), and an authenticator app is considered a safer option overall. Even so, having at least OTP set up on all of your vital accounts is the simplest way to secure your online accounts and significantly reduce the risk of unauthorised access to your client or business data.
The last thing you and your business want is for a bad actor to get into your business email because it doesn't have Two-Factor Authentication set up, allowing them to access other platforms such as bank accounts and customer data platforms. Just ask one of our clients who called us in a panic last week with this exact situation!
To find out more about Two-Factor Authentication (2FA) and MFA, be sure to speak with your IT provider or SaaS support teams.