Do you love Two Factor Authentication?
Many of us have become acclimated to the use of Two Factor Authentication (TFA) due to its growth and promise of increased security. For the uninitiated, TFA is commonly implemented with a cell phone text message. Once you log into a website, a text is sent to your phone with a code in it, you then enter that code into the website to proceed. While TFA is a terrific addition to the security toolset, it’s not without risks. Here’s one such exploit we’re seeing that you should be aware of.
TFA is increasingly offered as an option for improved security when visiting websites. However, since it’s an added step that slows our access to the next great deal on Amazon, few of us actually opt in to implementing it. It turns out that “option” to add or not to add shouldn’t be an option at all because the option has become a weakness .
Here’s the problem – if your account gets hacked, and you haven’t implemented the TFA option, the hackers will be happy to do it for you, to their own cell phones. Once that happens, you are completely locked out of your account, and the process for regaining control is proving to be tedious at best.
So if you’re like most of us and you elect to pass on the option of adding TFA to your authentication process, here’s one more reason why it’s time to reconsider.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.