It’s been a year and a half since my last warning about enabling two-factor on all internet-facing accounts to prevent hacking, but it’s only been 28 days since a client’s Office 365 account was hacked and 14 days since a client’s Facebook was hacked. Neither client had two-factor enabled.
In a scenario we have seen far too often, a Channel 7 reporter had his passwords taped to his monitor, which was then shown on national TV. Check it out: his password is clearly visible for at least two different accounts.
His other accounts or computer may have been hacked already but, luckily for him, his Gmail account had two-factor. I know this because I know people who tried to log in with his details. The picture below is what happens after you enter your password. You’re asked for an SMS code, which is how two-factor can save you from being hacked.
Thanks to social media, I know it took roughly 12 hours for him to change his password, but in the meantime he would have been sent hundreds of texts from people trying to log in on his behalf.
Anyway, the moral of the story is that you’re responsible for your security unless you make it our responsibility by talking to us about a managed security plan.
If you’d like to discuss a managed security plan further, please get in touch; otherwise, please make sure you’ve enabled two-factor authentication on all your Office 365 accounts.
Here is how you can set that on each account.
And this is what each of your team members needs to do.