Important information as a 2nd level of access protection?
How about writing your bank account passwords directly on Facebook, to make it easier and less work for hackers?
On social networks, the vast majority of users "blabber" about each other more than is healthy. Or acquaintances will do it. Personal questions as another authentication factor are risky. Previously, "secret information" tunisia phone number list such as the name of your wife, where you studied, the name of your first dog , or where you were born are literally written by billions of people on their Facebook profiles . If a bank calls me and even today, when verifying your identity over the phone, they ask for my date of birth, I sit there with my mouth open. Then I ask myself how the caller can prove to me that they are a bank representative and not someone who wants to rob me? This is followed by stuttering and total unpreparedness. Everyone knows your phone number, just as anyone can pretend to be a banking specialist. All they need to do is know how to set up a virtual phone number .
Did you know that your password may already be an open secret?
The vast majority of users do not master the habits of creating strong passwords. So passwords like 123456, password, password, admin, qwerty or something similar are created . Those who come up with an “extra tough” variant usually end up with the name of their dog, wife, lover, vacation spot, birth number, or city , add the current year , and secure it with a hyphen . The aforementioned thought processes have long been known in hacker circles and are incorporated into computing algorithms. They will most likely be able to automatically generate your password – and they will probably try to use it someday.
A prime example of a victim of social engineering is US President Donald Trump . In 2012, his Twitter account was hacked – the president’s password? “yourefired” – a phrase he uttered on a TV show that stuck in the head of some attentive listener. Just before the 2020 presidential election, his Twitter account was hacked again – with the password “maga2020” – Make America Great Again . Which was his election password . A security expert attempted this hack as a joke and didn’t even have to try very hard. He only had to think for a moment and guessed the password on the 5th try , just because he found out a little information about his victim on the social network. He didn’t need either millions of dollars’ worth of hardware or much energy. If Donald had 2FA , he could have continued to use this beautiful password.
But now imagine that a hacked account can control the opinions of hundreds of millions of people, or cause the rise or fall of shares of companies from entire sectors of the global economy.Without 2FA, even a very long password won't help you
For passwords to work, you would have to have your own, unique password for each service that respects all security rules. Most people don't work like that. Try entering chrome://settings/passwords into the command line of your Chrome browser. If you use password saving in your browser, you will find that you have accumulated quite possibly hundreds of accounts during your time on the Internet . Email, in e-shops, school or company services, ... And you should have an extra secure and unique password everywhere. First of all, that is not realistic and secondly, it is partly useless anyway .
Digital footprint - these are dozens, hundreds or thousands of your logins
Every year, billions of personal data are stolen – emails, logins, passwords, security keys, credit card numbers, banking access data and current balances on your bank account, data from land registry offices, etc. And then this data is sold as “pieces” or “bulk” for $1 or more, or banking access from $3 to $20 depending on the size of your bank account. Just think about what you’ve bought recently, where you’ve traveled and paid, or where you’ve registered everywhere. Did you know that the vast majority of people use one or just a few passwords for everything?
Imagine that you buy something from a poorly secured e-shop. You enter your email and password, which is probably the same as the direct password to your email. When hacking such an e-shop, the attacker quite possibly also gains access to your email. Nowadays, there is a very high chance that your login details for at least some services are already known by thousands of other people at this moment. And if you do not change your passwords relatively often (what is often?) , it is only a matter of time before it is your turn . A certain defense (although also with risks) is to use a password management application . For example, LastPass . But answer the question of what will happen if someone manages to steal information from LastPass. Turning a blind eye to security or ignoring the facts described above can have serious legal and financial consequences, for example, in the case of a company. The solution is 2FA .
