Multi-Factor Authentication

Our last blog on security (found here) highlighted how to create and use strong passwords to reduce the risk of having your online accounts taken over in a “brute force” attack.

This blog post will look at how you can still protect access to your accounts even if bad actors have your account username and password.

When you log into most accounts, you are asked to verify yourself by providing something that you know. Usually this is done by typing in your password.

Many accounts now offer, and some require that you provide a second method of verifying yourself. This is known as Multi-Factor Authentication (MFA), Two-Factor Authentication (2FA) or Two-step verification (2SV). In addition to providing something you know, you are also asked to authenticate yourself with something that you have. This could be a one-time code sent to your email address, a code texted to your phone, or a notification on an authentication app on your phone.

So, how can you get started using multi-factor authentication to ensure that access to sensitive financial and personal information is protected?

1. If you use online banking services, you are likely already using Multi-Factor Authentication. Most banks send a one-time code by text message when you access their website from a computer the bank does not recognize.
2. If you have a T.L. Baker web portal, you have the option to enable multi-factor authentication. Instructions to enable and begin using MFA can be found here: http://cs.thomsonreuters.com/ua/netfirm/nc_user_cs_us_en/common/manage-mfa.htm and here http://cs.thomsonreuters.com/ua/login_security/cs_us_en/videos_htm/video-mfa-netclient-portal.htm
3. Online service providers like Google, Microsoft and Facebook have options to enable MFA on their accounts.

What’s old is new again: What’s next for multi-factor authentication?

To open and start your car, you need your car keys. This seemingly old technology is making its way onto computers. You can purchase a security key that plugs into your computer and serves as the second “something you have” method of verification. Google has been using security keys for employees since 2012 and they report it has been effective at preventing bad actors from taking over accounts of their internal employees. You can read more about security keys here:

            • https://www.yubico.com/why-yubico/for-individuals/

            • https://cloud.google.com/titan-security-key/

Our final post in this security series will talk about how keeping current with your accounting system can help you more quickly identify data breaches impacting your financial accounts.