At a recent conference, Microsoft gave a presentation that included some important data sets dealing with account security. According to How-To Geek, we can use these statistics to improve our cybersecurity measures, most importantly by configuring two-factor authentication.
The Data
According to the presentation, Microsoft tracks over 1 billion accounts and 30 billion login attempts each month, covering about 1/8th of the world’s population. As such, they have a very good picture of how hackers are targeting and getting into accounts that are not properly secured. In fact, Microsoft allegedly stops about 300 million fraudulent login attempts every single day.
According to the corporation, some of the most common attacks include spraying (where a hacker will take a generic password such as Password0! and try it on a large list of accounts), phishing (where you are asked for your login credentials on a fake website and the data goes to the attacker), and purchasing security info on the dark web and using credential stuffing to apply the data to multiple accounts. Because of these and other cyberattacks, about 32,000 accounts are breached each day.
What’s even more telling is that Microsoft has claimed that 99.9% of successfully hacked accounts did not make use of two-factor authentication. Two-factor authentication, or 2FA, makes your account more secure by requiring two steps, most commonly entering a password and entering a code sent to your mobile device, to successfully log in to your account. This means that most cyberattacks may have been prevented by enabling this feature.
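Password spraying as described above leaves a recognizable trace in login records: one source fails against many different accounts with only a try or two on each. The following is an added example, not taken from Microsoft's presentation or from How-To Geek, showing one way a defender could flag that pattern; the log format, sample lines, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:03 203.0.113.7 bob FAIL
2024-05-01T10:00:05 203.0.113.7 carol FAIL
2024-05-01T10:00:07 203.0.113.7 dave FAIL
2024-05-01T10:00:09 203.0.113.7 erin OK
2024-05-01T10:02:00 198.51.100.4 frank FAIL
2024-05-01T10:02:30 198.51.100.4 frank FAIL
2024-05-01T10:03:00 198.51.100.4 frank OK
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def find_spraying(log, window=timedelta(minutes=10),
                  min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts with few tries on each.

    Thresholds are illustrative assumptions; tune them to real traffic.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log):
        by_ip[ip].append((ts, user, ok))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, user, ok in in_window:
                if not ok:
                    fails[user] += 1
            # Many accounts, few tries each: spraying rather than a forgotten password.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # A success from the same source marks an account to reset first.
                hits = sorted({u for _, u, ok in in_window if ok})
                alerts[ip] = {"targeted": sorted(fails), "compromised": hits}
                break
    return alerts
```

The second source in the sample, a single user retrying their own password, is deliberately not flagged.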
Why Two-Factor Authentication?
It is easiest to fraudulently log into your account if multi-factor authentication is turned off and the hacker has both your username and password. There is an added layer of difficulty if the attacker only has your password and has to work to find your login username or email, but this can still be done fairly easily. However, if two-factor authentication is turned on, even if your username and password have been compromised, it is extremely difficult to get into your account without physical possession of your mobile device. According to Microsoft, two-factor authentication stopped 100% of automated attacks, such as credential stuffing and spray attacks, that were performed by bots.
According to How-To Geek, the SMS method of multi-factor authentication, wherein a code is texted to your device, is inferior to the “Security Key Method,” which uses an app to generate the MFA code. Still, they maintain that either method is far superior to not enabling 2FA at all.
How to Enable 2FA
Using two-factor authentication to secure your accounts is an easy step you can take to protect yourself against cyberattacks. To enable this feature, you can usually go to the “account” or “security” menu within the program you are accessing. How-To Geek also provides guides on how to do this for commonly used websites.