Everything You Need to Know About Two-Step Verification

June 2020 - ICT Cyber Security Newsletter

It has become common to see online services that offer increased protection for your accounts by using two-step verification. Improved protection for online accounts is important because individuals, schools and businesses are targeted by cyber criminals.

In the coming weeks and months, here at Laurier we will begin enabling two-step verification for staff and faculty, which provides an extra layer of security for your Laurier accounts. These measures are designed to ensure that you're the only person who can access your account, even if someone knows your password.

That being said, it is also important to use two-step verification in your personal lives, to protect your bank accounts, social media and other online accounts that require an additional layer of protection.

In this week’s newsletter we will review the basics about two-step verification to help you understand the vital role that it can play in protecting your accounts.

So, what exactly is two-step verification?

Two-step verification, also called multiple-factor or multiple-step verification, is an authentication mechanism to double check that your identity is legitimate.

How does two-step verification work?

When you want to sign in to your account, you are prompted to authenticate with a username and a password – that’s the first verification layer.

Two-step verification works as an extra step in the process, a second security layer, that will reconfirm your identity.

Its purpose is to make an attacker’s life harder and reduce fraud risks. If you already follow basic password security measures, two-step verification will make it more difficult for cyber criminals to breach your account.

What are the forms of authentication?

1. Something that you know – This could be a password, a PIN code or the answer to a secret question.

2. Something that you have – This is always related to a physical device, such as a token, a mobile phone, a SIM, a USB stick, a key fob, an ID card.

Many people use Google Authenticator to access their Google Apps.

3. Something that you are – This is a biological factor, such as face or voice recognition, a fingerprint, DNA, handwriting or a retina scan. While many phones utilize this technology, it is much less common to find it in the workplace.

An example is the fingerprint scanner on your smartphone.

Why should I activate two-step verification?

Passwords on their own aren’t as infallible as we need them to be. Hackers have the power to test millions of password combinations in a second.

Did you know that 90 percent of employee passwords can be cracked in six hours?

What’s even worse, 65% of people use the same password everywhere. That would be like having a single key for both your house and your car. When this happens, a single breached website may expose every other account that uses the same username and password combination.

Answers to security questions are also easy to find out, especially now that we are willingly sharing all the details about our lives on social networks and blogs. Anyone who interacts with us on a daily basis can find out the answers to common security questions, such as our graduation year, the city that we grew up in or our first pet’s name.

Even if you don’t give these out in your Facebook profile, some can be found through public records, available for anyone who cares to look. Others can be cracked simply by entering common names.

This is where two-step verification comes in handy. It will offer you an extra layer of protection besides your username and password. It’s hard for cyber criminals to get the second authentication factor without physically coming into contact with you, which drastically reduces their chances of gaining access to your accounts.

A few examples of two-step verification methods that you are most likely already using:

  • The token issued by your bank, which generates a specific code for you at a specific time – you use it with your username and password for Internet banking.
  • A one-time password that you receive as a text message on your mobile phone and use when you want to log into your Google, Facebook or Twitter account.
  • Similarly, a random password generated by an app like Google Authenticator or Facebook Code Generator, which you would use to log in to your email or social media account.

Typically, we would recommend using two-step verification for any information that you would not like to be publicly available. This includes:

  • online banking
  • online shopping (Amazon, PayPal – though it’s only available for a few countries)
  • email (Gmail, Yahoo, Outlook)
  • cloud storage accounts (Dropbox, Box, Sync)
  • accounts on social networks (Facebook, Twitter, LinkedIn, Tumblr)
  • productivity apps (Evernote, Trello)
  • password managers (LastPass)
  • communication apps (Slack, Skype, MailChimp)

More information about two-step verification at Laurier for staff and faculty will be available in the coming weeks.


Information in this newsletter is credited to Government of Canada, CIBC, TrendMicro and DataEconomy.