If hackers have stolen your password, the FBI would like to remind you that it’s not over yet.
As part of “National Cyber Security Awareness Month,” the FBI is asking the public to use something called “two-factor authentication,” or TFA. Beyond a password, the second factor is a PIN, a location, or even a “biometric,” an FBI alert states.
TFA can include text messages sent to a user’s phone with a verification code, which can be required as a supplement to a password, or biometric information like a fingerprint.
The measure is recommended especially for business, the FBI noted on Monday. “Many large businesses have already recognized the benefits of deploying TFA to their workforce and in doing so have dramatically reduced the risk of credential theft and the subsequent loss of sensitive or proprietary data. Smaller and medium-sized businesses are encouraged to do the same.”
Criminals “obtain passwords more often than you think” by simply guessing them, beating security questions, using technical devices like keyloggers, or running social engineering scams, the FBI said.
The measure has been commonly available for several years, but many still aren’t using it. A number of cybersecurity breaches over the past year can be traced back to a failure to secure user credentials using such a process, including those of the Office of Personnel Management, the Department of Defense and the State Department.
As a result, authorities have continued to plead with people, sometimes incessantly, to take the necessary precautions.
In August, the FBI issued a warning that email fraud was on the rise. It recounted that business fraud accounted for $1.2 billion in losses worldwide between October 2013 and August 2015, while fraud against individuals in the U.S. accounted for $700,000 in the second quarter of 2015.
Most email fraud is based on a hacker’s ability to access a victim’s email account. Thus, in most cases, a secondary verification process would have been sufficient to keep perpetrators out.
However, because it takes extra time to enter more than one set of credentials, plenty of Internet users are certain to disregard the advice. For that reason, the FBI’s alerts are likely to continue, even if they go unheeded.