[OPLIN 4cast] OPLIN 4Cast #609: Passwords are not enough. The time for 2FA is now

OPLIN Support support at oplin.ohio.gov
Wed Aug 29 10:30:06 EDT 2018


August 29th, 2018

A couple of months ago, I got an
online subscription to *WIRED* magazine. As a thank-you gift, I was sent a
YubiKey. When I received it, I really had no idea what it was: it looked
much like a flattened USB drive. When I realized that it was a form of
hardware two-factor authentication (2FA), I happily proceeded to set up and
configure my account. I even ordered myself another one, as a spare I can
carry around.

I'm a huge fan of 2FA. It's turned on for pretty much everything I can do
online, where it has been possible to do so. If you're reading this, and
you haven't done this...well, this is one of those things for which you'll
kick yourself later. Two-factor authentication simply means that, beyond
providing login credentials (like a username and password), there's a
second step required to log into a site or service. Ideally, this second
step is providing a code from an app like Google Authenticator
<https://mashable.com/2017/10/29/how-to-set-up-google-authenticator/#JXQzDxglVqqZ>
or activating a hardware 2FA key like my YubiKey. Some online services
still use an SMS message as a second step (I'm looking at *you*, PayPal!),
which is not really a good idea, as you'll see below. You don't have to
buy a YubiKey. Keep in mind that you may have to do a little googling to
find out how to set 2FA up for each site or service.

   - Password breach teaches Reddit that, yes, phone-based 2FA is that bad
   <https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/>
   [Ars Technica] "A newly disclosed breach that stole password data and
   private messages is teaching Reddit officials a lesson that security
   professionals have known for years: two-factor authentication (2FA) that
   uses SMS or phone calls is only slightly better than no 2FA at all."
   - Even many tech-savvy people not using two-factor authentication, finds
   university <https://9to5mac.com/2018/08/09/2fa-adoption/> [9to5Mac]
   "What they found was that while these students understood technology, they
   didn’t understand why they needed to take this cybersecurity precaution.
   'There was a tremendous sense of confidence,' Camp said. 'We got a lot of,
   ‘My password is great. My password is plenty long enough.’'"
   - Fortnite motivates players to turn on 2FA with a funky new emote
   <https://thenextweb.com/gaming/2018/08/24/fortnite-2fa-funky-emote/>
   [The Next Web] "The *Fortnite* team today announced it’d be offering a
   “Boogie Down” emote to those of its consumers who enabled two-factor
   authentication on their accounts. This creative way of incentivizing
   security might help motivate some younger fans who don’t yet fully
   understand how to protect themselves online."
   - Instagram hacks raise questions about its 2FA security
   <https://mashable.com/2018/08/22/instagram-hacks-raise-questions-about-2fa-security/#n2MpltSD7aqd>
   [Mashable] "Instagram lets users secure their accounts with two-factor
   authentication, but it currently relies on text messages, which aren't as
   secure as app-based authentication methods."

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Two-Factor Authentication: Who Has It and How to Set It Up
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=buh&AN=128120315&site=ehost-live>
   (Griffith, E. (2018). Two-Factor Authentication: Who Has It and How to Set
   It Up. *PC Magazine*, 115-123.)
   - Multi-Factor Authentication—It's Not Just Buying Another Lock
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=cmh&AN=99233743>
   (West, J. (2014). Multi-Factor Authentication—It's Not Just Buying Another
   Lock. *Computers in Libraries*, 34(9), 26-27.)
   - WHAT TO DO AFTER A DATA BREACH: 5 STEPS TO MINIMIZE RISK
   <http://proxy.oplin.org:2054/login.aspx?direct=true&db=cph&AN=129861039&site=ehost-live>
   (Paul, I. (2018). WHAT TO DO AFTER A DATA BREACH: 5 STEPS TO MINIMIZE RISK.
   *PCWorld*, 36(6), 84-89.)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.

© 2018 Ohio Public Library Information Network