Think twice about 2FA

Internet security threats in the form of malware are increasing daily and becoming more insidious and invasive than ever before. The source of this malicious software can show up on your computer disguised as emails emanating from well-known companies like Adobe, Amazon, Apple, FedEx, Google and Microsoft or appear after selecting click-bait on news sites or social media platforms. In some cases, after clicking on streaming video content (YouTube, Facebook, Vimeo, etc.), you are warned that Adobe FlashPlayer is out of date and you need to update it. 99 times out of 100, this and other well-disguised scams are fraudulent and you should never click on or install the update.

In recent developments, unscrupulous fraudsters utilizing robotic auto-dialers send out warnings via text or voice suggesting that your cloud or email accounts have been hacked requiring you to take immediate action. You are then invited to call their 800 number so that technicians standing by can help you alleviate this non-existent threat by paying a one-time fee that will protect your computer from future outbreaks. Sometimes, the advertisements produced by adware can appear as uncloseable  windows or audible warnings requiring immediate action. When this happens, you should exit or force quit your web browser. In no circumstances should you follow the instructions to call or chat with an online technician.

If you have inadvertently allowed someone to take control of your computer, there is a possibility that ransomware, a dangerous form of malware, could have been covertly installed on your computer by the online technician who is allegedly eradicating viruses from your computer. It’s purpose is to encrypt your data files and render them unreadable until the payment of ransom is collected. Again, never let anyone take over your computer, and do not give out your credit card, passwords or any personal information for any reason.

To combat these cyber threats and to add another layer of security that is nearly impossible to breach, Apple, Facebook, Google, Yahoo and other companies that provide email, cloud and social media accounts have instituted a system called 2-Factor Authentication (2FA). It is designed to ensure that you’re the only one who can access your account, even if someone else knows your password.  With 2FA, your account can only be accessed on devices you trust (iPhone, iPad, computer). When signing in to a new device for the first time, you are required to provide two pieces of information – your password and the six-digit verification code that is sent to your trusted devices.

2FA dramatically improves the security of your accounts and personal information (contacts, calendars, notes) by requiring a separate code, so your password alone is no longer enough to access your accounts. This keeps the hackers out, however, if you do not have access to another trusted device when you are trying to connect or reset a new device, you may experience insurmountable problems, including a locked out account or a phone that becomes inoperable. If you aren’t in the habit of having the second device with you or you can’t remember your password, an alternative option is to turn off 2FA and answer the security questions like “What is the name of your first pet?” or, “What city did your parents meet in?” Just make sure that you have these answers written down or better yet, put them in the Notes section of your Contacts on your passcode protected smartphone.

At caféMac, we spend a third of our time helping clients with their passwords and security issues. If you write down your account names, passwords and answers to your security questions (include the date you created or changed this information), you will save money and time solving these problems.