So you think you have decent password hygiene? So did one CEO I know. He stresses about security, as should the leader of any organization today. In fact, he cares enough to have paid for a comprehensive enterprise security audit recently.
The good news? His organization was technically secure. With appropriate firewalls, encryption, and security policies in place, he learned that his networks were reasonably secure, and he discovered some technical improvements that would make his systems even more secure.
The bad news? Many of his people were vulnerable to powerful social hacks, and not just his less-technical staff. The CEO himself was vulnerable! Without knowing it, he gave his password away to a stranger during the audit.
Social hacking is surprisingly successful
How could this be? The culprit is the ingenious social engineering that hackers have been employing with surprising success.
In his case, he received an email that appeared to be from his email provider or someone he trusts. The email asked him to update something in his account, and it provided a quick web link. Harmless, right?
Wrong. The email was from a stranger. The CEO clicked the link and unknowingly entered his username and password into a third-party website. He did this once. He did it a second time. He even did it a third time. Three times! Lucky for him, this rogue site was created by the security auditors he’d just hired, so it was harmless.
In the age of email scandals, there is protection at hand
Many others aren’t so lucky. Colin Powell, the former US Secretary of State, and several members of the Democratic National Committee all seem to have given their passwords away to strangers. They might as well have created a highway billboard with their credentials. As a result, their emails were hacked and their personal and professional lives became headlines.
There’s a fix that goes a long way to making email and other accounts far more secure: two-factor authentication. If you don’t have it turned on for your email account, stop reading this now and turn it on. If your email hosting provider doesn’t offer two-factor authentication, change your email to a provider that does. Seriously.
Two-factor is powerful because even if a hacker has your credentials (and hopefully they never will), two-factor authentication requires a second temporary code, typically sent via a text message to your phone, before you or anyone can sign in with a new device to your account.
In the case of this CEO, even if he entered his credentials into a rogue site, hackers wouldn’t be able to log in to his account. They wouldn’t have his cell phone to receive the temporary code. Two-factor also protects users who use the same password across multiple sites. Reusing passwords is by many considered a poor practice, but it’s far worse without two-factor authentication.
Security is a priority at Tiller… and Google
At Tiller, we have built our service around Google Sheets in part because of the security that Google provides. Google has made a significant commitment, visible and invisible, toward security. Google’s chairman has said, and many agree, that their systems are more secure than those of the US government.
But have you enabled their best security features? To benefit from the full security toolkit that Google has created, and to leverage their strong commitment to security, you must use two-factor authentication.
I use two-factor authentication. My family uses two-factor. Everyone at Tiller uses two-factor. You should too.
To enable two-factor authentication with your Google or Gmail account, visit their two-factor site here. https://www.google.com/landing/2step/#tab=why-you-need-it Beyond Google, many banks and most email providers also offer this feature. To find out who else supports two-factor, check this list: https://twofactorauth.org/