Multiple-Factor Authentication: Why It Is A Must

THE PROBLEM

In October 2016, my uncle and I were on a road trip from New York to Boston and on the way he opens up a post I made on my twitter account and asks me to explain to him what the post means and why I would post such. The post was a picture of a half-naked woman with an invitation to click on a link. It was a sort of advert for a hookup site.

The problem here was that yes, it was my twitter account that posted it but it was done few minutes ago and I could not have done it with my phone battery down. This simply means that I had been “pwned”. 

FORENSICS

I was curious to know how this happened. I logged into my email account that is associated with my twitter using my uncle’s tablet and realized someone logged into the account from somewhere in France. I was on the road and had no time to lose so what I did was change the twitter account password immediately.

SOLUTION

Hacking someone’s account (Twitter, Facebook, Yahoo, Gmail, etc.) is totally easy using social engineering. It is therefore important to utilize a system where someone cannot simply have access to your account(s) with the password alone.

This is where the Multiple-Factor Authentication (MFA)/ Two-Factor Authentication (TFA/2FA) comes in. This is a security feature many of us know about but try to circumvent it when it is optional.

MODUS OPERANDI

Multiple-Factor Authentication (http://news.mit.edu)

Step 1: On the login page of your account, you enter your login details (username & password)

Step 2: The MFA security sends a verification code to your phone (or email or any other device you selected) via text or call

Step 3: You enter the verification code

Step 4: You are granted access to your account

RECOMMENDATION

You see, prior to my account being hacked, Twitter had sent me numerous notifications to add my mobile number to the account details in order to offer me more security; I declined because it seemed to be “too much trouble”. If you are like me and have delayed the activation of the MFA/2FA security feature on your Facebook, Twitter, Yahoo or Instagram account due to its inconvenience, please activate it now. In my opinion it is a small price to pay for a better security. The hacker would need to have access to both your password and your phone(or any other device you selected) in order to gain access to it. 

Since I activated the MFA last October, I have received verification codes when I never initiated a login process. This means that people are really attempting to gain access to my account despite changing the password but Multiple-Factor Authentication has got my back.

Stay Safe  😆 

About Chiemela 4 Articles
Chiemela is a cyber security expert wanna-be. He is currently resident in Worcester, Massachusetts. He has worked with corporate organizations like British American Tobacco (West Africa), Islamic Development Bank (Saudi Arabia), Society for Family Health (Nigeria) and Commercial Bank for Africa (Kenya) as an IT consultant. Chiemela's dream is to share the gospel of cyber security with everyday people and tell stories of cyber crime and cyber war in order to expose the often hidden dangers of the internet and how it affects them daily.

3 Comments

  1. Thanks for the wonderful explanation and tips on Multiple Factor Authentication (MFA/2FA). Thanks for leading me into knowing and doing the needful that keeps me protected in the Cyberworld

Comments are closed.