April 22, 2024

NCSC recommends enabling multi-factor authentication

As part of a national awareness campaign, the NCSC is bringing up two-factor or multi-factor authentication. This should be enabled whenever possible, but at least for all sensitive accounts.

a Strong and secure password It is just one component of protecting an online account from unauthorized access. More and more services are also offering two-factor or multi-factor authentication (2FA or MFA). as part of Awareness campaign “SUPER,” the National Cyber ​​Security Center (NCSC) reminds us of this security mechanism and recommends that users activate it at any time, “but at least for all sensitive accounts, such as email, online banking, and social media.”

If 2FA or MFA is enabled, users must identify themselves with one or more items in order to access a system or account. As the NCSC explains, this extra layer of security is typically something the user knows (eg, a password), something they own (eg a mobile device), and/or something that uniquely identifies them (eg, a fingerprint or facial recognition). ). MFA also often follows the principle of generating time-limited, one-time passwords and thus no real password permanently stored on any system. Read more about it here. Researchers are even working on a method using your heartbeat as an identifier. You will find more about it here.

The authority recommends that users regularly check their 2FA and MFA settings. In particular, keep the contact information provided current to receive notifications of suspicious activity.

Multi-factor authentication always pays off. For example, in April 2022, hackers tried to break into Microsoft Office accounts, But he failed the MFA, as you can read here.

However, hackers do not stop and try to defeat MFA. They do this, for example, through Copy the cookies stored in the victim’s web browser upon successful login or by them Intercept the second factor in real time.

If you would like to read more about cybercrime and cyber security, Subscribe to the Swisscybersecurity.net newsletter here. On the portal you can read daily news about current threats and new defense strategies.