Ride the Lightning

If You Don’t Enable Multi-Factor Authentication, Crooks Will Do It For You!

June 23, 2020

As KrebsonSecurity reported on June 20, the bad guys are figuring how to use your stupidity to their advantage. You SHOULD have multi-factor authentication (MFA) enabled everywhere it is available, but you probably don't. Not smart. If your account is hacked, the criminal will enable it and tie the account to a device they control.

Krebs describes in detail one horror story which took a long time to resolve. You don't want to be where this family was.

Not enabling MFA when it is offered is far more of a risk for people in the habit of reusing passwords across multiple sites. But any service to which you entrust sensitive information can get hacked and enabling multi-factor authentication is a good way to prevent having leaked or stolen credentials used to exploit your account.

Many online sites and services that do support multi-factor authentication are completely automated and extremely difficult to reach for help when account takeovers occur. This is even more true if the attackers also can modify and/or remove the original email address associated with the account.

Using MFA everywhere is one of the most important things you can do to protect your cybersecurity. Almost all account takeovers can be defeated by using MFA. So enable it wherever you can. Sooner is better!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson