Identity theft is a multibillion dollar industry for cyber-criminals and one of the most coveted pieces of information is the emailpassword combination. This phenomenon is especially true in business environments where hackers use various ingenious methods to gain access to executives’ and email accounts to steal corporate information, trade secrets, information about new products and acquisitions, etc. There are various commercial technical platforms to fight such type of attacks, solutions knows that offer two and three way authentication that can be centrally managed for the enterprise but how does the average consumer protects their email against such attack sophistication? Well major email providers like Microsoft and Google have taken notice of it and pushed out solutions that can easily be implemented to minimize the likelihood someone stealing your email credentials.
Two factor or two step verification: It is a simple concept that requires two or three security “combinations” to grant access.
We can say that your password is a “one way” or “one step” authentication, you know your email address and your password, that information along is enough to gain access to your account. The issue arises when you password is compromised, that means that the other party can easily gain unchallenged access to your account because they know your email and password. There are multiple ways your credentials can be compromised, one of the most common one is a simple key stroke logger where a software simple “records” all your keystrokes that can later be viewed by the hacker to see your password in clear text. Another simple form is by guessing or brute forcing your password, remember, hackers already know half the answer by knowing your email address.
In two step verification you go beyond the emailpassword combination by adding another layer another of security that can be: something you have (token, smart card). That token or smart card device provides “another password” via different means that is set to change based on the system policy, meaning that even if your token for the session was intercepted it will not be the next time.
With that in mind let’s go over the setup of two factor authentication on Microsoft Services such as Outlook and Hotmail.
- To turn on or off two factor authentication you first must go to the Security settings page and login with your Microsoft account:
- You must verify your identity, Microsoft service will send you a verification code or email to the telephone number or alternate email your provided during the account creation to ensure you are authorize to proceed with the configuration.
- Enter the Verification Code sent to your phone or alternate email.
- Select Set it up now. This option will allow up to setup an application on your smart phone to manage the two factor authentication.
- Select the type of smart phone you are using:
- In my case I want to install the Microsoft Application on my iPad, follow the instruction to download it to the appropriate device. Upon sucessful setup the application synchrozes itself with the Microsoft account and provides the secuirty codes. Enter the security generated by the app.
- Once the application is setup every time you or someone attempts to login to the account you will be prompted to another piece of information, thus making it a two factor or two step verification.
Microsoft’s Two factor email authentication offers consumers users a similar level of protection fortune 500 companies have, by implementing two factor authentication user minimize the likelihood of email compromise and in a world that is becoming more digitized this type of solution is becoming something everyone need to use at one point or another.
JDTechSolutions is an IT support company servicing small business in Northern NJ and NYC. We specialize in desktop support, network administration, and information security services. Our reliability, technical expertise, and strategic technical vision provides an edge to small business over their competition. For information about our services contact us at 888-580-44450