Message from General Computer Development 

Trending Topics to Stay Safe and Secure

Multi-factor Authentication (MFA)

Most people are probably aware of multi-factor authentication (MFA) at this point. At least one of the services you currently use such as email or online banking employs a second authentication method.

MFA is two or more factors of authentication, including something you know (such as a password) plus something you have (like your phone or token) or something you are (like your voice, face, or thumbprint). 

However, did you know not all factors are equally safe? In the early days of MFA, a lot of companies turned to SMS (text messages) to your phone as the second factor. It was cheap, easy, convenient, and one of few available options in the early implementation of MFA.

However SMS is usually unencrypted, and it’s simple to steal the contents of text messages, including those 6-digit codes that services and others are always sending you to confirm your identity. In fact, there are very cheap online services where you can type in any phone number and start receiving its text messages.

Although using SMS is a lot better and safer than just using an ID and password, when you have the choice, always use an application-based MFA such as Microsoft Authenticator or Google Authenticator. Choose application-based MFA option and NOT SMS for multi-factor authentication, especially when authenticating to a system for work purposes or using your company-issued devices. As technologies evolve, so do the methods used by GCD to continue a good security posture.  

GCD has adopted the practice by deploying the use of application-based MFA and eliminating the use of SMS where possible.

More on MFA Authentication Methods

With the current situation in Ukraine, the Cybersecurity & Infrastructure Security Agency (CISA) advises businesses to increase their security stance to guard against potential disruptive cyber incidents. You can do your part to help.

You may have the SMS Text method set as your default for Multifactor Authentication(MFA). Although the SMS text message may seem convenient, it is less secure than other methods and will soon be retired by providers. Before July 22, please move to one of the alternative MFA methods available to you.

We recommend using the Microsoft Authenticator app as your primary method. The app has the highest level of security and is the easiest to use!

Let GCD help you with this change. 

Passwordless Sign-in

Apple, Google, and Microsoft will soon implement passwordless sign-in on all major platforms. It was announced this past May that the tech giants have committed to building support for passwordless sign-in across all of the mobile, desktop, and browser platforms in the coming year. 

A passwordless login process consists in allowing users choose their phones as the main authentication device for apps, websites, and other digital services. Unlocking the phone with whatever method is set as default (PIN, draw pattern, face ID, fingerprint) will be enough to sign in to web services without the need to ever enter a password.

This is made possible through the use of a unique cryptographic token called a passkey. Without a password there will be no obligation to remember login details across services or compromise security by reusing the same password in multiple places. 

Internet of Things (IoT) devices

IoT devices are the nonstandard computing devices that connect wirelessly to a network. Common examples of these devices are smart mobiles, smart refrigerators, smart watches, smart door locks, smart security system. 

IoT devices can make our lives convenient and more efficient, however, it is extremely important to be aware of the security risks and threats of cyber attacks. These devices do not typically have any built-in security. Most of the time, if one device gets hacked, the rest of the network is compromised. Here are a few recommendations to keep IoT devices secure. 

1. Change default router settings: most people do not rename their router, and use the default Wi-fi information printed on the back of the router. It is highly recommended to change these settings and create names and/or passkeys known to you only. 

2. Disconnect IoT devices when they are not needed: lot of home appliances come equipped with smart features, however, if you won't make use of certain feature that require internet connectivity, then keep those devices disconnected from your network.

3. Avoid using universal plug and play: it is best to turn off universal plug and play feature on devices equipped with it. While it is easier to add these type of devices without additional configuration, it can make other IoT devices discoverable and open your network for attacks. 

4. Keep your software, firmware updated: these keep you protected with the latest security patches and reduces the chances of cyberattacks.

Recommended reads... 

Don't forget to follow us on social media to get the latest updates happening at GCD!