Two-Factor Authentication: Things You Should Know

The top piece of security advice we give here at Hilltop is to enable two-factor authentication for all users within your organization. One of the most effective ways to keep your data safe is to add a second authentication factor on top of your username and password. It could be the one thing that keeps hackers from stealing your data.

Protecting the most valuable… your email.

If there's one online account that's worth protecting above all others, it's your email! Not only does it hold all your private conversations, but it can serve as a gateway to your other accounts.

Most online services ask users to sign up with an email address and rely on email accounts to reset passwords and send important communications. Therefore, an attacker with access to your email has immediate access to your accounts. Through your email, the attacker can reset passwords and correspond with the technical support staff of the websites they are trying to gain access to.

Enable two-factor authentication for your email TODAY, if you have not done so already. It is also important to implement this service for all systems within your organization. Encourage employees to adopt two-factor authentication not only on their work-related devices, but on their personal devices as well (personal devices often contain work-related data).

Install a password manager:

Make your next priority installing a password manager. The most popular password managers have a two-factor authentication option.

To trust or not to trust:

Many websites that support two-factor authentication allow users to mark devices as trusted when they authenticate for the first time using both factors. This essentially disables two-factor authentication for those trusted devices and allows the user to authenticate with only their password in future.

This is good for ease of access, but it's not great for security. If you turn off two-factor authentication for a trusted device, you make things easier for hackers: if they get access to one of your trusted devices, they can more easily gain access to your accounts. Be aware that there is a trade-off.

Fortunately, most websites give users the option to remove any of their previously trusted devices in case they are lost or compromised.

Your phone is the key… what are the risks?

Your phone will be central to your two-factor authentication experience. It will be used either to receive codes by SMS or to generate them using special authenticator apps. But phones are easily lost, stolen or broken.

Most online services have contingency plans for those scenarios. Some companies allow users to specify a backup phone number that can be used for account recovery. Others provide backup codes when turning on two-factor authentication that can be printed on paper and kept in a safe place.

If these options fail, you will have to call or email the company's technical support department and prove the account is yours. Most online services ask secret questions during account set-up that are later used for account recovery. Keep in mind that getting completely locked out of an account is extremely rare.

Hilltop strongly recommends increasing the security of email accounts for our clients. Multi-Factor Authentication, while not entirely foolproof, does make it a hundred times harder for someone to hack your email account(s). Adding Multi-Factor Authentication to your email accounts will greatly reduce your risk of being hacked.

Can Hilltop help me get Multi-Factor Authentication in place?

If you are already a valued client of Hilltop, please reach out to your Account Manager for next steps.

Not a Hilltop client, but interested in getting help setting up two-factor authentication? Contact Hilltop Consultants today by submitting the form below.