You may already know that bad actors hack and expose millions of user accounts and billions of data points every year. It’s likely your info was part of a data breach that occurred sometime in the last few years. After Yahoo let over three billion user accounts out the door between 2013 and 2014, the fact that hackers stole 500 million customers’ information over four years from both the Starwood and Marriot brands didn’t seem quite as bad. We’re becoming accustomed to seeing our data exposed.
The average data breach costs businesses $3.92 million. Thankfully, you can (and should) add layers of protection to your accounts. In this article, we’ll explain why we’re big fans of multifactor authentication on cloud workspaces, user accounts, and everything else.
Hackers Can Quickly Crack Your Passwords
Even if your data isn’t directly stolen, did you know that password cracking software can identify any eight-character password in 2.5 hours or less? Make it a nine-character password, and it’ll take a week. 10-character passwords can take months to crack. Wondering about 12-character passwords? On today’s GPU-driven supercomputers running the best cracking software, that’ll be more than a couple of lifetimes (200+ years). Unless, of course, you’re using sensible passwords like spelling out your birth date, and then you can shrink those timelines down exponentially again to seconds, minutes, or hours.
Long, randomized, complex passwords that are never re-used are a good start to your data protection, but there’s another layer of protection that will do even better.
Why Multifactor Authentication Is Essential
Multifactor authentication (MFA) will protect any account from an unauthorized user gaining access, even if someone obtains your account info. MFA relies on a second layer of security, often tied to a physical person or device. This is typically a code generated by a companion application from the account owner’s smartphone, a hardware token such as a USB device, or even a fingerprint or retinal scan that is used in conjunction with your password. So, when you sign into an account with your username and password, multifactor authentication software pings another device (often your phone) to confirm you’re signing into your account, allowing you to deny access even if someone had the correct username and password.
Multifactor authentication is a powerful tool offered by most organizations where data integrity is important. You can usually find it within your “Account Settings” for any particular application or account. Microsoft has begun to require MFA enabled by default on certain Office365 accounts. Virtual Systems also partners with DUO security to offer MFA on cloud workspaces and virtual private servers. Not only is it good for your account data and security, but many organizations will also incentivize the use of MFA to help protect your data. In the video game world, Epic Games offers free games every month that can only be claimed with an account secured by MFA!
Just this year, another large data breach was announced, impacting 160,000 Nintendo user accounts. The hacker group used information saved to the breached accounts, such as credit cards, debit cards, and currency to make in-game purchases and transfer the funds to their own accounts. Most of the money was not recoverable. There were, however, a group of users who were unaffected by this breach: users that had multifactor authentication enabled.
Virtual Systems: Committed to Safe Data Retention and Management
At Virtual Systems, we take data security seriously. That’s why our team consistently recommends multifactor authentication and other measures to our clients. We partner with DUO, a leader in user-centered MFA, creating practical and robust data management and security solutions. If you’d like to learn more, contact us today.
2019 cost of a data breach report. (2019). IBM. Retrieved from https://www.ibm.com/security/data-breach
Rafter, D. (2019). 2019 data breaches: 4 billion records breached so far. Norton. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html
Swinhoe, D. (2020, April 17). The 15 biggest data breaches of the 21st century. CSO. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
Wagenseil, P. (2019, February 15). It’s time to kill your eight-character password. Tom’s Guide. Retrieved from https://www.tomsguide.com/us/8-character-password-dead,news-29429.html
Whitney, L. (2020, April 30). Nintendo data breach reportedly caused by credential stuffing. Tech Republic. Retrieved from https://www.techrepublic.com/article/nintendo-data-breach-reportedly-caused-by-credential-stuffing/