Be Safer Online: Use Passwords, And An Easy Second Step
Dan Lohrmann
Cybersecurity Leader | CxO Advisor | Bestselling Author | GT Blogger: 'Lohrmann on Cyber' | Global Keynote Speaker | CISO Mentor
With so many online cyberattacks, data breaches and identities being stolen every day, how can we possibly protect ourselves in cyberspace?
One problem that's controllable, but stubbornly hard to fix, is that too many people continue to have lame passwords.
So what online tools, tips and resources are available to help? What websites can we trust to provide ongoing messages and solutions that are needed?
Just as important, even if there are potential security solutions to protect our identities, where is this message being offered in clear, easy-to-understand language? Are there any practical, hands-on workshops available?
One good answer comes from the National Cyber Security Alliance (NCSA), which is promoting "Two Steps Ahead: Protect Your Digital Life" in roadshows across the nation in 2014 and 2015.
U.S. Congressman Marsha Blackburn and Michael Kaiser from NCSA
One event, held in the Wilma Rudolph Event Center in Clarksville, Tenn., was developed by the NCSA to educate consumers and businesses about adding layers of security to their everyday online activities.
Michael Kaiser, executive director of National Cyber Security Alliance, outlined this clear message:
"Getting out to the public with information about how to implement better security is critical. The passwords '123456' and 'password' remain the most popular passwords and provide very little protection against the bad guys.
Couple that with the recent news that Russian hackers have stolen hundreds of millions of passwords and credentials and the recent retail data breaches, and it's clear we need to double down our efforts at account security. Using multifactor authentication, available at many of the Internet's most popular websites, is something that users can opt into today to increase their security."
The NCSA, a nonprofit partnership focused on helping everyone stay safe and secure online, is holding a series of workshop events all across America to highlight this important cybersecurity message. The NCSA works in partnership with other nonprofit groups as well as corporate sponsors such as Google, Microsoft, Facebook, AT&T, Visa, Walmart, Costco, Intel, Symantec, PayPal, Yahoo and others on a wider series of messages under the banner of: STOP. THINK. CONNECT.
Simple Solutions Please!
While many people understand the password problems all too well, the readily available two-factor authentication method is used far less than you might expect.
What is the solution? The stopthinkconnect.org website offers simple answers to questions like:
"Email providers and financial services to social networks and blogging platforms are implementing new security features that can help their users add another layer of security to their accounts. These technologies are often referred to as two-step authentication, login approvals, multifactor authentication, etc., because they add a new layer of protection by adding a second element — in addition to a password — to protect your account.
These methods provide an extra layer of security. Most people only have one layer to protect their account. But combining something you know (your password) with something you have (your phone, a token, fob, etc.) makes your account even more secure by requiring the second element to log in. Simply put, two-step authentication makes sure it's really you logging in, not just someone who has your password."
While this process may sound complicated, I find that it is rather easy to use in practice. After you turn on the extra step, you will be prompted for a text when you try to sign in to sites like LinkedIn. If you go back from the same computer the next time, the service can remember you and not require the extra step. But if you use a different computer, or a bad guy in Russia gets your password and tries to connect as you, the second step will be required. This provides an easy-to-use but far more secure experience.
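The flow described above (password first, then a texted code, with a remembered computer skipping the second step) sketched as an added example; it is not code from this article or from any of the services named. The account dictionary, the `login` function, the 30-day window and the signed device token are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret only the service knows
REMEMBER_SECONDS = 30 * 24 * 3600      # assumption: a computer is remembered for 30 days

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_account(user, password):
    salt = secrets.token_bytes(16)
    return {"user": user, "salt": salt, "pw_hash": hash_password(password, salt), "pending_code": None}

def _sign(msg):
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_device_token(user, now=None):
    """'Remember this computer' token, handed out only after both steps succeed."""
    msg = f"{user}|{int((now or time.time()) + REMEMBER_SECONDS)}"
    return f"{msg}|{_sign(msg)}"

def device_is_remembered(user, token, now=None):
    """True only for an unexpired token this service signed for this user."""
    try:
        tok_user, expires, sig = token.split("|")
        fresh = int(expires) > (now or time.time())
    except (AttributeError, ValueError):   # missing or malformed token fails closed
        return False
    good_sig = hmac.compare_digest(sig.encode(), _sign(f"{tok_user}|{expires}").encode())
    return good_sig and tok_user == user and fresh

def login(account, password, device_token=None, sms_code=None, now=None):
    """Return (status, device_token). The password alone is never enough on a new computer."""
    if not hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"]):
        return "denied", None
    if device_is_remembered(account["user"], device_token, now):
        return "ok", device_token          # same computer as last time: no extra step
    pending = account.get("pending_code")
    if sms_code is None or pending is None:
        # A real service would text this code to the phone on file, not store it in view.
        account["pending_code"] = f"{secrets.randbelow(10**6):06d}"
        return "second_step_required", None
    account["pending_code"] = None         # each code allows one attempt only
    if hmac.compare_digest(sms_code.encode(), pending.encode()):
        return "ok", issue_device_token(account["user"], now)
    return "denied", None
```

A stolen password used from another computer stops at `second_step_required`, because the attacker holds neither the signed device token nor the phone that receives the code.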
The Stop Think Connect websites offer many easy answers to your questions, such as:
What is Two-Factor Authentication?
Why Should I Secure My Account?
Wider messages to a wider audience
Tennessee was just one stop on this important nationwide tour that continued this week.
Previous events were held in Omaha, Nebraska; Hartford, Conn.; Ames, Iowa; and Northfield, VT.
And the Two Steps Ahead Campaign is only one of many campaigns currently being run by stopthinkconnect.org.
Coverage of these events has been very positive in the media. For example, this article was written in preparation for the Connecticut workshop. Here’s an excerpt:
"The workshop will feature speakers from a variety of sectors and feature an opening keynote address by Connecticut Senator Richard Blumenthal.
The morning will highlight a hands-on demonstration to show attendees how to step-up their security on sites like Google, Facebook, Microsoft and LinkedIn. The event will conclude with a panel discussion featuring Attorney General George Jepsen, Connecticut Better Business Bureau President/CEO, Paulette Scarpetti, University of Connecticut Professor Dr. John Chandy and William H. Efron, Director Northeast Region Federal Trade Commission.
The government and academic experts’ focus will be on helping businesses and consumers insulate themselves from proliferating and ever-evolving Internet and other digital-based scams."
Wrap-up
One thing I really like about the National Cyber Security Alliance is its easy-to-use online portal covering many Internet safety topics.
Two related lists of blogs, articles and other resources include: stopthinkconnect.org/blogs/ and www.staysafeonline.org/blog/.
If there is an upcoming NCSA summit/workshop near you, I urge you to attend. You can check out the schedule and RSVP for a free space at their events page.
Either way, spread the word.
There are better and more secure ways available for everyone to connect online than using simple passwords. Use a second step. You will be glad you did.
END NOTES: Parts of this blog come from an earlier Government Technology article by Dan Lohrmann: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/How-to-be-safe-online-using-better-passwords.html
If you like this blog, please share it with your network and click like or leave a comment. You can follow Security Mentor on Twitter: @SecurityMentor
You can follow Dan Lohrmann on Twitter: @govcso
Dan Lohrmann's Government Technology Magazine blogs are at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/
9 years ago: Nice article in very simple words! It's correct that strong password applicability alone is no longer that secure, but at the same time it's always recommended not to invest more in countermeasures than the associated risk. Hence, investing in security tools & technologies in accordance with the associated risk in SLE (Single Loss Expectancy) & ALE (Annualised Loss Expectancy) is always a good practice.