I have had several family members and friends lose access to their social media accounts, have malicious emails sent from their address, and even succumb to ransomware. The nature of these “hacks” or “attacks” varies widely, so there isn’t a “one-size-fits-all” solution. But just because there are many ways to break into a house doesn’t mean we leave our doors unlocked or the key in the mailbox for everyone to use. Our virtual world should be no different than the physical world. Having a username and password is akin to having a front door and windows. It’s no longer enough, though. So, “what is the next step?” you ask. Lock the door.
The next layer in account security is referred to as “Multi-factor Authentication (MFA)” or “Two-step/factor Authentication (2FA)” in geek lingo. Some sites also refer to this as email or text verification. Quite simply, it means that upon logging in to an account with your username and password, you will receive a notification, text, or email with a code to then input into the site or app. This also means you would receive a code when someone else tries to log in to your account. Without it, they can’t log in. This is known as the “something you know + something you have” philosophy. One extra step, like locking your door, gives you added security and a warning that someone else is trying to get access. Most mainstream apps and sites have this option. Some even use it by default now. The links below take you to the instructions for several of them.
For an extensive listing of sites that support MFA, see https://twofactorauth.org/
The key to securing your accounts is to do it purposefully and gradually. Doing it all at once can be overwhelming. Just focus on your most important and frequently used services first. Then branch out from there as you use them.
Now, for those of you who like to go the extra mile, there are several additional things you can do in this same space. (For those who don’t or are already anxious, you can stop reading now.) Many services allow for recovery codes, recovery phone numbers, login notifications, automated account lockouts, one-time passwords, security keys, and authentication apps. You will need to look at each one to see what they provide and decide what you want to implement.
Personally, one other measure I take is to use the authentication app, Authy. Alternatives, such as Google Authenticator, do exist, but Authy is a little more independent, flexible, and secure in my opinion. It has served me well, responding every time I need it to and integrating seamlessly with every service I’ve used it for to this point. I highly recommend it.