Celebrating 2FA Day!
Tech geeks and security-conscious business owners, rejoice! It’s 2-Factor Authentication Day! In an age where digital security is paramount, this really is something to be celebrated. Let’s double down on the vital role 2FA plays in safeguarding our online data, how it all works, and why it’s such a big deal for cybersecurity. What is Two-Factor Authentication (2FA)? Two-Factor Authentication is all about adding an extra layer of protection. The idea is simple, but effective: You enter your password, as usual, but instead of being granted access right away, 2FA asks for something unique that only you have – such as a special code on your mobile phone. This extra step ensures that even if someone guesses your password, it’s near-impossible to access your account without access to both the password and the unique code. Statistics suggest that 2FA can block 99.9% of attempted account entry attacks. It’s an indispensable security tool for our online services and accounts and keep us all that bit safer online. How does 2FA work? As the name suggests, 2FA is based on the concept of using two (or more) “factors”. A factor is something — that is, a piece of information — that can be relied on to be sure it’s really you who’s logging in. Authentication depends on users having two of the following verification methods: ✔️ What You Know: This includes things like passwords or PINs ✔️ What You Have: This is physical items like phones or apps that generate special codes. ✔️ What You Are: This refers to unique biological features like fingerprints or one’s face. 2FA has been around for quite a while now. Conceived in the 80s, it started to gain widespread recognition and use from the mid-2000s. Before it came along we relied solely on singular our passwords to protect our online accounts. You’d enter your password, and if it was correct, you’d get right in. If someone were to correctly guess or steal your password they’d have immediate access to everything. You might feel like the extra factor takes up too much time. But more often than not, it takes seconds, and when you think about the risks, this little extra step is more than worth it. As well as 2-Factor Authentication, you’ll also come across the term ‘Multi-Factor Authentication’ (MFA). They’re essentially the same thing. 2FA is just a form of MFA — though, it’s true that MFA could potentially refer to three (or more) Factors. There are a few different ways to add an extra layer of protection to your accounts. After you enter your username and password, the second step is where the magic happens. Each option has its own pros and cons: ☒ SMS Token: A unique code is sent via text message to your mobile phone. 77% of accounts now use texting as their method for two-factor authentication, making it a popular and widely trusted choice. ☒ Phone Call: After attempting to log in, you receive a phone call that provides a code verbally. ☒ Email Token: A unique code is sent to your registered email address, similar to SMS. This method is useful for access on devices where you’re already logged into your email account. ☒ Software Token: Involves installing a specialised application on your device, such as Google Authenticator or Authy. These apps generate time-sensitive codes, offering a secure and portable solution for authentication that doesn’t rely on SMS or network connectivity. ☒ Hardware Token: Using a tangible device like a key fob or a USB token to generates codes for authentication. ☒ Biometric Verification: Making use of unique characteristics like fingerprints for identity verification. Once a bit futuristic, this method has become mainstream in the last ten years with the introduction of fingerprint and facial recognition scanners in smartphones. Even with this added security, always stay sharp. Scammers might still try to get your password and second guess. Don’t share the information and make sure your main password is solid and unguessable. So, what is 2FA Day? 2FA Day is a sacred day when tech enthusiasts worldwide throw wild, lavish parties in celebration of the latest developments in online security. The entry code? You guessed it — an exclusive two-factor authentication token. Okay, not really, but 2FA Day does say something about the importance of that extra security step in our digital lives. 2FA Day is celebrated on February 2nd. The date reflects the idea of adding a second security layer, adding a number 2 February. See what they’ve done, there? It encourages us to reinforce that first line of defence with a robust second check. We might owe it a birthday present or two, given how effective 2FA is against financial fraud. National Password Day, by the way, is on the first Thursday of May… So as the day comes around, remember, it’s more than just a clever date. It’s a reminder to fortify your digital life, making it a bit more secure and smarter . As we celebrate 2FA Day on February 2nd, let it serve as a reminder that securing our own data and that of our customers and teammates online is not an option but a necessity. Amen. 2FA with 123 Reg At 123 Reg, we include 2FA as part of Domain Ownership Protection (DOP). When a domain is secured with DOP, two-factor authentication is required for every important change or transfer requested for that domain. Domain Ownership Protection also includes… ✔️ Additional domain privacy on the WHOIS database ✔️ A 90-day holding period with the Ultimate package Keep your personal details private with Domain Ownership Protection All yell for SSL! SSL Certificates are just as important a security product as 2FA or DOP. If you have a website, an SSL can help keep your visitors secure and protect hackers accessing your what’s yours. When visitors see a website has an SSL certificate, it’s a sign they are on a legit site and not a fake one. SSL Certificates are issued and regulated by Certificate Authorities (CAs) to ensure they are genuine. SSLs are so
123-reg Reliability and Value helps to Drive Growth at my1login
Launched in March 2012, Scotland based password manager my1login is making a name for itself as internet users switch onto the critical need to protect their online passwords. The company, which uses 123-reg for domain, hosting and email services, has been making serious strides in the technology sector, with CEO Michael Newman interviewed on the BBC’s online technology section after just a month in business, showcasing the brand’s password management software. So what problem does my1login solve and why is it important? In simple terms, the business offers a solution to users having too many passwords stored in different locations. The company has experienced fantastic traction in their user numbers and is already protecting in excess of 10,000 online accounts. ‘my1login employs military grade encryption, using stronger encryption technology than many online banking platforms. Users’ keys are never stored on the servers and therefore not even my1login employees can see or access users’ data’, Newman said in a recent interview with 123-reg. The incredible start to the business is something that 123-reg is proud to be a part of. Speaking with Newman, it is clear that my1login values the assistance that 123-reg offers his business. ‘We’ve been delighted with both the domain, hosting and email services, together with the responsive support provided when needed most’, he said. In the security industry, reliability issues have to be considered and it is a positive endorsement of our services that such a company chooses 123-reg. ‘Any reliability issues with domain and email provision would have been an obstacle to continued use. 123-reg’s high availability services have ensured this was never an issue’, Newman said. With this is mind, it is no surprise that when asked what services my1login valued the most, reliability was again fundamental to Newman and his team. ‘As an always-on cloud-based password manager it’s vital that my1login are continuously available for our users. The reliability of 123-reg’s email and domain services is of great value in enabling us to provide an uninterrupted service’, he stated. 123-reg prides itself on providing a service that is both price competitive but also gives users control. We are delighted that our philosophy has helped my1login and other customers grow. ‘The speed with which services can be ordered and initialised, the easy-to-use and feature-rich control panel and the competitive pricing model of 123-reg are the perfect ingredients for any business’, Newman concluded. It is our belief that my1login will continue to be successful and we are committed to providing a service that meets the expectations of Newman and his team. It is a wonderful reward for 123-reg to be playing a small part in the success of British entrepreneurs in such challenging times for start-ups. Moreover, the success of my1login should inspire the next generation of entrepreneurs. To find out more about my1login please follow the link to their website.
6 top tips on password security
Almost every week the news channels are busy with a story on another big high-profile password breach, the latest being Yahoo investigating a breach via its Yahoo Voices servers. Here at 123-reg we recently altered our entire password and login procedures to improve customer security and peace of mind, yet even with regular prompting many people still leave themselves open to potential risk. It doesn’t matter how strong the gateway of your information holder, if you make accessing your account easy you make yourself vulnerable. So here’s six tips on choosing your password to minimise the risk of being hacked. 1. Treat your online home as you would your offline home You wouldn’t get the same key cut to open your front door, your back door, windows, car, cupboards, any lockable bags or boxes, etc, so don’t use the same key or password for every account you have. In fact you should use a different password for every website you use. That may sound like a minefield of passwords to remember, but it can be done – perhaps by using passwords that remind you specifically of that site or the services it offers – remember to avoid the obvious though! 2. Ignore Phishing emails We’d like to think we’re all wise to these now, but opening up that email bleary-eyed first thing in the morning you may not be quite as alert as you need to be. The key point to remember is that even if it looks like an official communication – and you can often spot a pixelated logo, or spelling mistake – if you are asked to reveal personal information such as name, password, etc make sure you are certain it is a genuine site. Also beware of the links you click to avoid downloading harmful malware. 3. Change your passwords regularly It may sound like it is complicating matters again, but it pays to be ahead of the game. By setting password change as part of your monthly or even weekly schedule you will re-inforce the importance of password security too, so it will keep your mind focused and help even more towards minimising the risks. There’s a reason many sites will regularly prompt you to change your password, so follow the protocol across all sites you login to. 4. Make sure your password is strong Most sites will give you an indication of password strength when you input a new one, so pay attention. A combination of letters, numbers and symbols works best, as does a mix of lower and upper case characters. 5. Consider using a combination of pass words to create a passphrase If remembering a whole host of passwords is going to prove difficult, this little cartoon may help inspire. Basically using a combination of four random words and swapping their combination between websites, will give you a higher protection than even a standard mix of numbers, letters and characters that you re-use across sites. While it is difficult to guess – even with advanced computerised checking systems – it is very easy to remember as you know the four words used in the passphrase generation as well as your own name and probably have them ingrained in your brain. 6. Don’t be lazy or lax It sounds silly but so much that we do is online nowadays it is easy to forget basic protections. Don’t write passwords down and certainly don’t store them on your PC or laptop – even in encrypted form they are tempting for a keen hacker. Apply the same rules to your password creation whatever site you are creating an account for. Firstly this keeps you focused and trained to using a more secure system and secondly. Finally, while password management sites, apps and programmes may have a place in helping you, remember they are just as vulnerable and probably bigger targets when compared to other websites. Last year LastPass admitted a security breach with the issue again highlighting the vulnerability of using weak passwords. Do you have any password top-tips? Care to share?