You need to implement Multi-Factor authentication to protect your critical business data and cloud services.

/in , /by
Second Factor (MFA) Authentication – something you know, something you have.

Have you implemented 2FA yet?

Let’s begin with what is Muti-Factor or 2 Factor authentications. The simplest definition is; something you know like a password and something you have like a USB token, SMS text, authenticator app on your cell phone.  The best 2-factor authentication process is the one you will use.  Any 2FA is better than no 2FA.  I had a debate with a “security expert” who said SMS authentication is not secure; it is true that it is not the best choice. It is better than relying on a password alone.  I would not recommend clients relying on SMS to protect their most valuable assets. Start with something that works for you for ‘the something that you have,’ like SMS or voice call. Develop the habit of implementing Multifactor authentication everywhere.

Large enterprises have been using multi-factor authentication for decades to protect their systems and data against unauthorized access. What I find interesting is for the past 15 years, a friend has had a small token calculator for accessing their European bank account online; nice to see financial institutions protecting their clients.  I would love to see this level of protection in Canadian banking institutions; however, SMS is a good start (It is an improvement over nothing).

So how does 2FA work?  You first need to set up your multi-factor authentication method with the application you desire to secure. 

How to secure our LinkedIn account with Second Factor Authentication. 

  1. We first login normally.
  2. Click on me
  3. Select Security and Settings
  4. Choose Account Tab
  5. Under login and security choose two-step verification
  6. Turn on
  7. Choose SMS or Authenticator app
  8. If choosing the Authenticator app. Install the Google, Microsoft, Authy or other authenticator apps on your device, which you will always have with you.
  9. Using the authenticator app – to add the account, scan QR code with the Authenticator.
  10. When the Account shows up added in your authenticator app, enter the 6-digit code on LinkedIn to verify the Authenticator activation.
  11. LinkedIn will confirm that Two-step verification is activated successfully.
  12. Now each time you log in to LinkedIn, enter your username and password. Then you will be prompted to enter your 6-digit code from your authenticator for LinkedIn.
  13. You will get an email to your LinkedIn registered email notifying you that you have enabled two-step verification.

Using 2-factor authentication becomes an automatic habit that protects our identities.  Yes, it is an inconvenience, just a little; however, the increase in protection is worth it. An account compromise is a major inconvenience.  Please consider this years ago, people complained of the inconvenience of wearing safety belts in their cars, now people don’t even discuss it, it is part of our safety culture. Let’s all make protecting and securing our identities as a part of our security awareness culture.

There are ways to create two-factor authentications for your business. If you have questions, stay tuned for future blog articles.  Please feel free to reach out by message to speak with me about two-factor authentications to protect your organization. If your needs are pressing, please call my office to arrange a time to meet by phone or Zoom meeting.

The worst advice is not to implement any two-factor authentication as that method is not the best or most secure.

Stay Safe and Secure.
Jeff S Brodie
Managing Partner – Codefusion Communications Inc.

Do you have feedback or questions? Feel free to schedule a call to speak with me.

Your FAV browser is under attack – Google Zero-Day vulnerability UNDER ATTACK!

/in , , /by

Halloween is meant to be fun! However, this news released by Google is downright frightening; about another ZERO-DAY vulnerability. You need to update your Google Chrome browser immediately. This news meets the theme for FRIGHT NITE!  In a Halloween fright night announcement, Google discloses a Zero-Day Vulnerability. This announcement releases information identifying Google Chrome cyber vulnerabilities; putting Millions of devices at risk!  

Chrome Browser – Cyber Attack Target

“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” Google Chrome security team said in a blog post. Is there nothing sacred anymore?  Not in the digital world. This is a great move for a developer to be documenting their vulnerabilities on their blog.  It is a good thing that others like Forbes also pickup and publicize the news getting the information out to the public at large. 

The boring details that the few want to know! When developers create massive programs like Chrome there is 1000’s of lines of software code. This inevitably can expose the program to attack when clever and malicious Threat-Actors (those with criminal intent to steal your information), learn of these bugs which allow them to use the ‘software bug’ to gain access to computer systems running the program through the application bugs (vulnerabilities). Google along with many security testers (good guy – White Hat Hacker) organizations test, discover and report these bugs and vulnerabilities. The software owner will develop a fix (patch) to correct the software bug in their software to close the loophole (vulnerability).

The moral of this story: You need to be vigilant in this assault against vulnerabilities. Organized Cyber Criminals are using to target user systems for data theft for profit.  Most importantly keep your software and security patches up to date. (When you see a little Red Arrow in the Top right corner click on it to update your Chrome browser.)

Stay Safe and Secure.
Jeff S Brodie
Managing Partner – Codefusion Communications Inc.
Have questions? Book a free consultation call with us?