- Why implement 2FA
- Which option to choose?
- Conclusion of the course:
Why implement 2FA
Two-factor authentication (2FA) is an additional layer of security that ensures the person attempting to access an online account is who they claim to be. Instead of just entering a username and password, 2FA requires an additional form of verification.
This second step can be:
- A temporary code sent via SMS.
- A code generated by an application like Google Authenticator or Authy.
- A physical security key that you insert into your computer.
With 2FA, even if a hacker obtains your password, they will still be unable to access your account without this second verification factor. This makes 2FA essential for protecting your online accounts against unauthorized access.
Which option to choose?
The various options for strong authentication provide different levels of security.
- SMS is not considered the best option as it only provides proof of possession of a phone number.
- 2FA (two-factor authentication) is more secure because it combines several types of evidence: knowledge (something you know), possession (something you have), and inherence (biometric identification, something you are). One-time passwords (HOTP and TOTP) are safer than SMS because they require a cryptographic computation and are generated locally on your device, whereas SMS messages can be intercepted.
- Hardware tokens, such as USB keys or smart cards, offer optimal security by generating a unique private key for each site and verifying the URL before allowing the connection.
For optimal security with strong authentication, it is recommended to use a secure email address, a secure password manager, and adopt 2FA using YubiKeys. It is also advisable to purchase two YubiKeys to anticipate loss or theft, for example, keeping a backup copy both at home and on your person.
As for threats to SIM-based 2FA, a common example is the SIM swap attack, in which an attacker takes over a user's phone number by having it transferred to a SIM card the attacker controls. There are several ways an attacker can complete such an attack; however, this threat is usually a major concern only for high-profile individuals and people of interest.
Biometrics can be used as a substitute, but they are less secure than the combination of knowledge and possession. Biometric data should be stored on the authentication device and never disclosed online. It is important to consider the threat model associated with each authentication method and adjust your practices accordingly.
Finally, it may be useful to provide a brief context about HOTP and TOTP OTPs: HOTP is a one-time password based on the HMAC (Hash-based Message Authentication Code) algorithm, while TOTP is a time-based OTP. Key features of such algorithms are that passwords can only be used once, each generated value is unique, and a shared key exists between the user's device (client) and the authentication service (server). The primary difference between the two systems lies in how the factor is generated: the TOTP is time-based, whereas the HOTP system is counter-based.
Conclusion of the course:
As you have understood, implementing good digital hygiene is not necessarily simple, but it remains accessible!
- Creating a new secure email address.
- Setting up a password manager.
- Activating 2FA.
- Gradually replacing our old passwords with strong passwords, with 2FA enabled.
Keep learning and gradually implement good practices!
Golden rule: Cybersecurity is a moving target that will adapt to your learning journey!
Quiz
Why is it important to gradually replace your old passwords with those generated by a password manager?