Security breach…yet again. This one is notable for involving personal (in many cases intimate) photos of celebrities being hacked and stolen from iCloud. Apple has released a statement indicating that the hacked accounts were subject to a brute force attack in which a hacker knew the email address and relentlessly tested passwords and secret answers until the correct ones were identified.
Regardless of the details, the immediate lesson is that our data and information systems are always at risk of breach. Many of the photos in the celebrity hacking incident date back over 3 years, suggesting that the hacker(s) had access for at least that long.
Scary to say the least.
The good news is that there are steps you can take to protect yourself. One of the most important, and least used, is Two Factor Authentication, known in IT circles as 2FA.
Two Factor Authentication works by requiring you to provide two “factors” to access information.
- Factor #1 – Something you know. This is generally a password. Hopefully secure. Sometimes not.
- Factor #2 – Something you have. This can be anything from a key-fob to your smartphone.
2FA works because while someone might eventually know something you know, it is unlikely they will also get something you have. One of the most common forms of 2FA involves text (or SMS) messages. You can set up your Facebook account, for example, to send you a one-time code to your phone whenever you try to log in.
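As an added illustration (not code from any of the services named here), the Python example below shows a login that needs both factors and also caps failed attempts, which is what stops the kind of relentless guessing described above. The class name, the 5-minute code lifetime and the 5-attempt limit are assumptions chosen for the example, and the one-time code is returned to the caller where a real service would text it to your phone.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300        # seconds a one-time code stays valid (assumed value)
MAX_ATTEMPTS = 5      # failed tries allowed before lockout (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorLogin:
    """Hypothetical single-account login: password first, then a code sent to the phone."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.failures = 0
        self.pending = None          # (code, expiry) once factor #1 has passed

    def locked(self):
        return self.failures >= MAX_ATTEMPTS

    def check_password(self, password, now):
        """Factor #1: something you know. Returns the code to text, or None."""
        if self.locked():
            return None
        if not hmac.compare_digest(hash_password(password, self.salt), self.pw_hash):
            self.failures += 1       # every wrong guess spends the attempt budget
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (code, now + CODE_TTL)
        return code                  # a real service sends this by SMS only

    def check_code(self, code, now):
        """Factor #2: something you have. The code is single use and expires."""
        if self.locked() or self.pending is None:
            return False
        expected, expiry = self.pending
        if now > expiry:
            self.pending = None      # stale code: the user must start over
            return False
        if not hmac.compare_digest(code.encode(), expected.encode()):
            self.failures += 1       # code guesses count against the same budget
            return False
        self.pending = None          # burn the code so it cannot be replayed
        self.failures = 0
        return True
```

With this in place, knowing the password alone gets an attacker nowhere, and guessing either factor locks the account after five misses.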
The really good news is that nearly all popular services and platforms now offer 2FA. Google, Evernote, Dropbox, iCloud, Facebook, Twitter, Yahoo…the list is pretty long.
Office 365 announced 2FA support back in February 2014. Even though it adds another step to logging in, you might want to consider implementing it for your organization.
While we may not be at the same level of risk as the unfortunate celebrities hacked in this incident, we are all prone to underestimating the risks we face, and to addressing the problem only after it is too late.
You can find a thorough list of sites and services that support 2FA at twofactorauth.org.