If you do one thing to secure your information

Recently, I was working with a freelancer and needed to share a bunch of documents with him. When I asked him where to send the documents, he gave me his personal Gmail account address.

Ok, using a personal account is not ideal, I thought, but that’s fine. It’s a totally common practice for vendors working with small and even large enterprise companies to use their personal accounts for getting access to documents. 

But to be extra secure, I asked the freelancer if he had two-factor authentication (2FA) turned on for his personal account.

“Huh? Do I have what turned on? How do I do that?”

I was shocked - how could he not be protecting his own and his customers’ documents and information? Every client working with this freelancer is one password dump away from having every shared document exposed.

We’ve all heard about how important 2FA is. But many folks still haven’t taken the leap. Turning on 2FA is the simplest action you can take to prevent account takeovers and information leaks.

I’ll be blunt.

Turning on 2FA for your entire organization closes the simplest and largest security gap that you can close. Out of all the security gaps that we see across companies, nothing else reduces as much risk with so little effort.

It might be boring and cliche but it works.

Where should I turn 2FA on?
At a minimum, turn it on for all your communication, infrastructure, and document tools, like Google, Slack, Apple, GitHub, Microsoft, Amazon, Facebook, and Twitter. These are what cause the most damage when they’re compromised.

What’s the best option for 2FA?
You have three options for 2FA: text, email, or authenticator apps. We recommend using authenticator apps because they’re more secure.

That said, having any 2FA is way better than not having 2FA at all. If you need to give ground here and use text or email 2FA, that’s okay. The important thing is that you get it turned on, regardless of the exact method.

Are the physical keys (hardware) worth it? 
They do make a difference and are worth setting up for sensitive data or infrastructure. If your IT team is pushing for them, it’s a good idea to set them up. YubiKey is one of the more popular options.

Again, don’t let these hold you back though. If you’re setting up 2FA for the first time, get 2FA enabled regardless of how it’s set up. You can always upgrade to physical keys later.

Should I worry about personal accounts?
Yes, a lot of folks miss this.

Many of us know to force 2FA on our work accounts. But if any personal account gets compromised, it’s not hard to fake the identity of that employee and start getting access to company accounts.

This is harder to mandate across your team but it’s absolutely worth it, especially for roles that have sensitive access.

Are there any step-by-step guides that I can forward to someone on my team?
Google has put together a fantastic mini website all about 2FA here.
Microsoft has a brief overview of how to set up 2FA for your Microsoft account.

If there’s only one thing you do for security this year, turn 2FA on for all the core services you use at work and personally. And make sure your contractors, freelancers, and vendors do too.

It’s the simplest way to make progress on your security goals, and it will save you from potentially big security issues at some point down the road.

Is there anything preventing you from getting 2FA enabled for your team?











Copyright © 2022 Up Advisors, LLC., All rights reserved.
You received this email because you signed up to get emails from Product Habits.
