Take control with MFA

Taking control

Taking control of your online accounts and making sure they don’t get hacked is easier than you’d imagined. One of the biggest risks to your privacy and your finances is if someone breaks it to your accounts, be it a banking or credit account or an online account such as your email provider  (Google, Yahoo, Outlook, etc.) or even one of your social accounts.  You hear about it all the time, “Someone took over my Twitter!” and “Someone hacked into my bank account”. Sadly, these incidents aren’t as rare as we’d like them to be, but, there are easy options to prevent them from happening. Your bank and most email providers have default security features designed to protect you, however, if a hacker knows your password, they can probably break into your accounts – even if you change part of your password every few months. your password every 2 weeks.  This would allow your attacker to easily take over your account, a super common type of cyber-fraud method called “Account Takeover” (ATO). This is one of the biggest cyber threats to corporations today and is commonly referred to as “Business Email Compromise” (BEC). 

To better protect yourself and steer clear of ATO by following these steps: 

• Get Your Cyrus Pineapple Report
  
  You can do this by simply emailing you@cyrus.app (feel free to include a pina colada recipe or just say hey), and we will send you back a list of what personal information of yours is exposed on the Dark Web. Easy!

• Change Exposed Passwords
  
  If your Pineapple Report included any passwords, you should change those passwords for every account they were used on. We recommend doing that ASAP, especially if there are major accounts like email addresses or bank accounts you use this password for. If a password has been exposed, that means it’s essentially public knowledge on the Dark Web and every hacker on the planet can see it or buy it if they want to. So what next?

• MFA Everything
  
  Multi-Factor Authentication (MFA) is the most effective way to prevent anyone from entering your account. It means that every new device that attempts to enter your account will have to be verified not only by your password but also by another means of authentication, usually your phone. Major companies like Google and Apple employ their cross-device MFA mechanism, but other than that, the most common form of MFA is an SMS to your mobile phone with a one-time code you need to enter (most commonly 6 digits). This is also referred to as Two-Factor Authentication (2FA). Another option is to use one of the common authenticator apps such as Google Authenticator, Microsoft Authenticator, or DUO. These are considered much safer since they are apps on your mobile device and are connected with your major online account (hence “Multi-Factor”)

Challenges

The more aggressive personalized attacks include a “SIM Swap.” This is usually the “last mile” of a longer attack – the hackers have already obtained the password to your account, and now they just need another way to authenticate (your SMS-based such as 2FA) – so they can get in easily and perform any transactions they’d like. These are more sophisticated attacks, but if you don’t have 2FA, the hackers won’t even have to go through this more sophisticated step.  The authenticator apps are also not perfect: the problem here is that if you upgrade your mobile device, it could get complex to transfer the authenticator app and get back into your account.  Both SMS-based and app-based MFA have their shortcomings, but the bottom line is that it’s truly the best way to prevent ATO and protect yourself from becoming a victim of rapidly increasing cyber-fraud incidents.  Be sure you have MFA or at least 2FA on all of your online accounts. It’s usually easy to activate via your account settings, security, and privacy. Setting up MFA will make you significantly safer online and make your accounts far more difficult to hack.