Not everyone is a cyber security expert, and not everyone seems to realize that all the recent cyber attacks could have been prevented if proper cyber security measures were in place. For the common man, it’s easy to be a security pessimist. Hackers and data breaches make headlines on this website and all over the internet every single day. Is there anything a normal person can really do to protect themselves? Actually, yes. Taking a simple and easy step like turning on strong multi-factor authentication, such as physical security keys, on-device prompts, and text messages, turns out to be an incredibly effective way of protecting your online accounts.
I want to devote this blog to the common man who feels pessimistic about the web, cyber space and other web-based tools. I have listed some simple ways to protect your accounts from takeover by hackers.
The most effective tool you can have to prevent someone from hijacking your account is a security key. The way it works is that a website like Google can ask for additional proof of who you are beyond just your password. This is the tool used by journalists, politicians, human rights defenders and people for whom cyber security can be a matter of life and death. Another strong option is the on-device prompt. Many important online accounts allow you to use authenticator apps like Google Authenticator, Microsoft Authenticator or, like Gmail, in-app prompts that help prove your identity to the platform. These prompts beat 100 percent of automated attacks, 99 percent of bulk phishing attacks, and 90 percent of specifically targeted attacks.
I must also add that text message two-factor authentication is relatively weak compared to the easy alternatives that on-device prompts or security keys provide. But it’s still far, far more effective than having no multi-factor authentication at all. Researchers have found that SMS codes beat 100 percent of automated account takeover attempts, 96 percent of bulk phishing attacks and 76 percent of targeted attacks. I would also recommend adding a recovery phone number to your Google or Microsoft Account to block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks. Adding a secondary email address is another positive step that makes account takeovers far less likely.
In the end, it’s understandable why some are pessimistic, but being a security realist might be better for your digital health. Stay educated, take a couple of simple and effective steps, and find yourself as well protected as you can be.