If you do one thing to secure your information

Recently, I was working with a freelancer and needed to share a bunch of documents with them. When I asked him where to send the documents, he gave me his personal Gmail account address.

Ok, using a personal account is not ideal, I thought, but that’s fine. It’s a totally common practice for vendors working with small and even large enterprise companies to use their personal accounts for getting access to documents. 

But to be extra secure, I asked the freelancer if he had two-factor authentication (2FA) turned on for his personal account.

“Huh? Do I have what turned on? How do I do that?”

I was shocked - how could he not be protecting his own and his customers’ documents and information? Every client working with this freelancer is one password dump away from having every shared document exposed.

We’ve all heard about how important 2FA is. But many folks still haven’t taken the leap yet. Turning on 2FA is the simplest action you can take to prevent account takeovers and information leaks. 

I’ll be blunt.

Turning on 2FA for your entire organization is the simplest and largest security gap that you can close. Out of all the security gaps that we see across companies, nothing else reduces as much risk with so little effort.

It might be boring and cliche but it works.

Where should I turn 2FA on?
At a minimum, turn it on for all your communication, infrastructure, and document tools, like Google, Slack, Apple, GitHub, Microsoft, Amazon, Facebook, and Twitter. These are what cause the most damage when they’re compromised.

What’s the best option for 2FA?
You have three options for 2FA: text, email, or authenticator apps. We recommend using authenticator apps because they’re more secure.

That said, having any 2FA is way better than not having 2FA at all. If you need to give ground here and use text or email 2FA, that’s okay. The important thing is that you get it turned on, regardless of the exact method.

Are the physical keys (hardware) worth it? 
They do make a difference and are worth setting up for sensitive data or infrastructure. If your IT team is pushing for them, it’s a good idea to set them up. YubiKey is one of the more popular options.

Again, don’t let these hold you back though. If you’re setting up 2FA for the first time, get 2FA enabled regardless of how it’s set up. You can always upgrade to physical keys later.

Should I worry about personal accounts?
Yes, a lot of folks miss this.

Many of us know to force 2FA on our work accounts. But if any personal account gets compromised, it’s not hard to fake the identity of that employee and start getting access to company accounts.

This is harder to mandate across your team but it’s absolutely worth it, especially for roles that have sensitive access.

Are there any step-by-step guides that I can forward to someone on my team?
Google has put together a fantastic mini website all about 2FA here.
Microsoft has a brief overview of how to set up 2FA for your Microsoft account.

If there’s only one thing you do for security this year, turn 2FA on for all the core services you use at work and personally. And make sure your contractors, freelancers, and vendors do too.

It’s the simplest way to make progress on your security goals, and it will save you from potentially big security issues at some point down the road.

Is there anything preventing you from getting 2FA enabled for your team?

Copyright © 2022 Up Advisors, LLC., All rights reserved.
You received this email because you signed up to get emails from Product Habits.
