Admittedly, the subject of account security – passwords and two-factor authentication – might not be the most exciting, but it’s something all organizations should take seriously.
We’ve put together this brief guide to explain what Mailigen’s two-factor authentication is and why you really should be using it, with some bonus tips and advice on how to create strong passwords that can’t be hacked easily.
So, we ask you for a few moments of your time to have a good read through and apply what you learn here to your Mailigen account. We think you’ll find it worthwhile.
So, what is Two-Factor Authentication (or 2FA)?
Put simply, 2FA is an extra layer of security that was created to protect online accounts a step further than the standard username and password method.
Mailigen’s two-factor authentication is an optional – but strongly recommended – method of confirming an authorised account user’s identity by combining two distinct, unlinked factors to provide additional security:
- Something the user knows (a strong password)
- Something the user physically has (a laptop, smartphone, etc)
Sure, using a single-layer data authentication protocol such as a username and password on its own is practical, but it’s just not secure enough. Once you’ve enabled 2FA, you’ll be asked to enter a special login code and confirm your login attempt via a device that you – and only you – physically have.
This way, even if your password is hacked, attackers still won’t be able to access your Mailigen account and cause you any lasting damage. A simple password reset using your 2FA-generated login code and you’re back in control.
We recommend using an application such as Authy, 1Password or LastPass. These apps support secure backup of your authentication codes in the cloud and can be restored if you lose access to your device.
So, is 2FA really secure? Well, nothing gives 100% protection – that simply doesn’t exist. But 2FA does offer the best protection you’re going to get.
Why use 2FA?
A much better question would be, “why not use 2FA?”
No matter how complex a password is, it can never be strong enough on its own to fully protect against account takeover (ATO) – one phishing email or successful database attack and you are exposed and vulnerable.
Statistically speaking, a damaging attack that exposes your password(s) is unlikely, but until you enable 2FA you’re taking part in a daily lottery that you certainly don’t want to win.
Account takeover is a rapidly-expanding problem that costs companies billions of dollars worldwide, not to mention the often unquantifiable (but equally significant) losses caused by the inevitable reputational and brand damage.
Now, having your Mailigen account hacked might not result in any direct monetary losses, but it could result in lost time and resources spent trying to locate the source of the ATO – and trying to prevent it again: cleaning up the mess, informing customers (who may have received confusing or reputationally-damaging emails from your account) and dealing with any associated fall-out.
According to Verizon’s 2019 Data Breach Investigations Report (DBIR), two-factor authentication should be considered “baseline security” – i.e. the absolute minimum level of security you should be implementing.
For some light ‘bedtime reading’ that puts the significance of account security in a more global context, head over to CSO online for a list of the 18 biggest data breaches of the 21st century.
Who is 2FA for?
So, who’s using 2FA? The short answer is, unfortunately, not enough of us!
Mailigen’s 2FA is for all our customers – we built this additional layer of security for you. Unfortunately, take-up hasn’t been as enthusiastic as we’d have hoped, so here we are raising awareness and strongly encouraging you to enable this new feature now.
Size doesn’t matter – it really doesn’t. Reputational and financial risk mitigation should be a high priority for organisations of all sizes.
In summary, 2FA isn’t perfect but you should still use it.
So, how do I enable Mailigen’s two-factor authentication?
It’s easy to enable Mailigen’s 2FA: just click here for our simple guide to enabling 2FA.
To give you an idea of how easy it is, here are the first two steps you need to complete:
STEP 1 Go to your Account Settings and scroll down to Account Security – you will see if it is enabled or disabled in the brackets:
STEP 2 Click “Enable Two-factor Authentication” to open a pop-up window – it should look just like the image below:
To complete the set-up process, just follow the on-screen instructions and you’re good to go!
Where account security is concerned there really is no time like the present. So, add extra security to your Mailigen account today by enabling 2FA, and sleep better tonight.
Why Passwords Are Never Enough
So now we’ve explained why 2FA is a must-have to protect your Mailigen account, let’s examine why a strong password is necessary too (but simply not enough on its own).
If two-factor authentication provides an additional layer of security, strong passwords are also important for keeping your online accounts and personal information safe from cyber criminals… think of a strong password as the foundation of your 2FA.
Let’s start by addressing the importance of a strong password…
Why do we need strong passwords?
Simple. The stronger the password, the more secure your online accounts and associated data asset(s). If you have a Mailigen account, for example, your most valuable asset is likely to be your subscriber list – you know, the one that you’ve carefully and lovingly grown and nurtured into a loyal and engaged audience. And it makes good business sense to do everything in your power to protect your most valuable asset, right?
Another way to answer this question is to tell you that a weak password can be hacked by standard computing power in minutes or seconds, while a strong password would take several thousand years.
How to create a strong password
To create a strong password, follow these steps:
- Make sure your password is long enough – 12 characters minimum, preferably more.
- Use a combination of numbers, symbols, and upper- and lower-case letters.
- Make it as random and unpredictable as possible, but…
- Create a password that you will actually remember!
- Now test your password.
To test the strength of your existing or proposed new passwords you can use one of the many free online checkers. We think this one from Kaspersky is pretty good.
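The gap between "seconds" and "several thousand years" follows from how length and character variety multiply the number of candidates an attacker has to try. The added example below (not from Mailigen or any checker named here) estimates that search space, applies the rules listed above, and generates a compliant random password for storage in a password manager. The guess rate, the short common-password list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample; a real check uses a large breached-password list.
COMMON = {"123456", "password", "qwerty", "letmein", "12345678"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e10  # assumed offline attacker speed, not a measurement


def search_space_bits(password: str) -> float:
    """Upper bound on strength: length * log2(size of the character pool used)."""
    if password.lower() in COMMON:
        return 0.0  # dictionary attacks try these first, whatever their length
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def years_to_exhaust(password: str) -> float:
    """Time to try every candidate of this shape at the assumed guess rate."""
    seconds = 2 ** search_space_bits(password) / GUESSES_PER_SECOND
    return seconds / (365 * 24 * 3600)


def meets_guide(password: str) -> bool:
    """The rules above: 12+ characters, all four classes, not a common password."""
    return (len(password) >= 12 and password.lower() not in COMMON
            and all(any(ch in c for ch in password) for c in CLASSES))


def generate(length: int = 16) -> str:
    """Random password from the OS CSPRNG, retried until it meets the rules."""
    if length < 12:
        raise ValueError("the guide asks for at least 12 characters")
    pool = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if meets_guide(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "sunshine", "Tr1cky!pass", generate()):
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, "
              f"{years_to_exhaust(pw):.3g} years, ok={meets_guide(pw)}")
```

The figure is an upper bound: a human-chosen password built from words and predictable substitutions falls much faster than its length and character mix suggest.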
Maintain good password hygiene
What is password hygiene and why is it important?
Put simply, password hygiene is a term to describe the steps you should take to keep your password as healthy and secure as possible. A few key steps are:
- Don’t share your passwords with anyone or write them down – as tempting or convenient as this may appear, just don’t.
- Use a free Password Manager app to store and protect your passwords.
- Try not to use the same password for all your accounts. Ok, so with the number of different accounts we have these days, it’s a tall order to have a separate one for each account, but if you must duplicate passwords, at least make sure they are as strong as possible.
- Don’t log in on unsecured Wi-Fi networks. If you do, change your password afterwards.
- Change your password when necessary – e.g. after a security breach, after logging in on a shared or public computer, after temporarily sharing access with someone else.
Why are passwords on their own so insecure?
Here are a few key reasons why passwords are so insecure:
- People often choose really weak passwords.
- Passwords are often shared between several people, and written down.
- People often use the same password for multiple accounts.
- Passwords often aren’t changed as frequently as they should be.
- Departed employees’ accounts are often kept active long after they have left an organisation.
A really alarming statistic from Verizon’s 2017 Data Breach Investigations Report (DBIR) – that weak or stolen passwords are responsible for more than 80% of hacking-related breaches – demonstrates perfectly why you should be enabling 2FA without further delay.
And that’s hardly surprising when you consider that many people still choose really pathetic passwords. To give you an idea, here’s a list of the 50 most used passwords from an analysis of 10 million passwords done by the folks at WPengine back in 2015…
And take note, as John Pozadzides from lifehacker.com sets out in this really useful article, a hacker can crack a simple password in a matter of seconds, just using a free password hacker tool (yes, that’s really a thing!). So, it really pays to spend a few extra minutes ensuring you don’t end up on a similar list anytime soon! It’s worth checking out John’s tips for a better password too.
Let’s quickly answer two very straightforward questions:
- Is a strong password necessary? Yes
- Is two-factor authentication necessary? Yes
In conclusion, you should be taking these three steps to make your Mailigen account as secure as humanly possible:
- Create a Strong Password
- Maintain Good Password Hygiene
- Enable Two-Factor Authentication
If you’ve taken these three steps you’ve done everything you can. By taking good care of your account security, you are also taking good care of your customers…and who doesn’t want to do that?
As we said at the beginning of this article, this isn’t a topic that will ever get your pulse racing… that’s more likely to happen if your account is hacked. So, let’s do our best to avoid that situation!
If you have any comments, questions or even suggestions of your own, please leave them below – we’d love to hear from you.