Problem
8.4 billion private records were exposed in hacks in Q1 2020 alone, including hacks on Facebook (420M), Microsoft (250M), and Twitter (330M). Security pros say “it’s not a matter of if, it’s a matter of when” a breach will happen to any company. In those breaches, your name, email address, username, password, and more could get released in dumps that hackers use daily. Someone will eventually get hold of your username and password and try to log in to your accounts. That’s a fact.
High-level solution
A password manager keeps the damage confined to a single account. Two-factor authentication (2FA) solves this. The first time anyone tries to log in to an account of yours on a new device, they’ll be asked, after they enter the password, for a unique 6-digit code that is generated just for that login. A hack against you would only succeed if the attacker had physical access to your smartphone at the exact moment that they tried to log in. 2FA on your accounts can stop the hacker by blocking new logins without the 2FA code. Simple. There are multiple ways services implement 2FA, but the app-based methods are always better than SMS methods, which are more vulnerable to SIM hijacking. Enable it on all your accounts.
Recommendation
I recommend using Authy. It has:
- Great apps for your mobile device and desktop
- Sync across multiple devices
- Encrypted backups of your 2FA keys in case you lose your phone (you can get locked out of your accounts if you don’t have a backup of your 2FA codes!)
You can download it and get started here: