So first up - this isn't really related to web development or digital marketing. We'll call it a Public Service Announcement.
A Nightmare Scenario
Over the past few weeks we've had a number of clients get in touch with us to get assistance and advice with accounts that they believe have been accessed by someone else. This has included email accounts, Facebook business profiles, and even bank accounts.
Unfortunately, these aren't accounts or platforms that we generally manage or setup for businesses, so we were limited with what we could do besides provide advice or refer them to their bank or IT providers.
There was one common thread between each of these situations - none of the accounts or platforms in question had multi-factor authentication (MFA) or two-factor authentication (2FA) setup.
So what is MFA and 2FA?
Multi-Factor and Two-Factor Authentication
In the past, most of us secured our online platforms with a password. More and more though, the risk of others accessing these accounts grew. These days, most internet platforms and accounts now give their customers and users the option to setup MFA, and many make it a requirement.
The most common type of MFA that most of us are used to now are One-Time Passwords (OTP) that are sent via SMS to our mobile phones. Many of us use these for sending money, ordering food online, or logging into email and social media accounts.
Another common type of MFA is the use of authenticator apps. Here at Rhythm we use these for access to our web development platforms, internet banking, and Xero. Google Authenticator is a popular option for authenticating apps.
While OTPs aren't completely safe from bad actors (SIM swap scams can be used to compromise these systems) - and an authenticator app is considered a safer option overall - having at least OTP setup on all of your vital accounts is the simplest way you can sure up your security online, and significantly reduce the risk of the bad guys accessing your client or business data.
The last thing you and business want is that a bad actor is able to get into your business emails because it doesn't have MFA setup, and they then use that to access other platforms such as bank accounts and customer data platforms. Just ask one of our clients that called us in a panic last week with this exact situation!
To find out more about MFA and 2FA, be sure to speak with your IT provider or SAAS support teams.