You want to be online. You need to be online. But you’re aware of the threats: It’s too easy for attackers to get usernames and passwords, whether through phishing scams, malware, wifi “sniffing” or hacking. URI’s Digital Forensics and Cyber Security Center, a U.S. Department of Homeland Security Center of Academic Excellence in Education and Research, says you can secure your cyber life using the simple technique of multi-factor authentication. With it, those stolen pieces of information are no longer the keys to the castle. Many online services, from financial institutions to Google, provide it for free. There are three primary factors:
- Something you know—e.g. your (strong) password
- Something you have—e.g. your phone
- Something you are—e.g. your finger print
For instance, log on to a Google service like Gmail from an unknown device, and Google texts a code to your phone that you must enter alongside your password to get into your account. An attacker may have your credentials, but likely won’t have your phone—your account is safe. (You can set trusted devices like your phone to require this less often if it’s annoying.) What if someone who knows your password also gets your phone? This is where the third factor comes in—something you are. If your phone is set to require your fingerprint, which most modern phones are capable of, the attacker still can’t get that authorization code.