If you do one thing to secure your information

Recently, I was working with a freelancer and needed to share a bunch of documents with him. When I asked him where to send the documents, he gave me his personal Gmail account address.

Ok, using a personal account is not ideal, I thought, but that’s fine. It’s a totally common practice for vendors working with small and even large enterprise companies to use their personal accounts for getting access to documents. 

But to be extra secure, I asked the freelancer if he had two-factor authentication (2FA) turned on for his personal account.

“Huh? Do I have what turned on? How do I do that?”

I was shocked: how could he not be protecting his own and his customers’ documents and information? Every client working with this freelancer is one password dump away from having every shared document exposed.

We’ve all heard about how important 2FA is. But many folks still haven’t taken the leap yet. Turning on 2FA is the simplest action you can take to prevent account takeovers and information leaks. 

I’ll be blunt.

Turning on 2FA for your entire organization is the simplest and largest security gap that you can close. Out of all the security gaps that we see across companies, nothing else reduces as much risk with so little effort.

It might be boring and cliché, but it works.

Where should I turn 2FA on?
At a minimum, get 2FA turned on for all your communication, infrastructure, and document tools like Google, Slack, Apple, GitHub, Microsoft, Amazon, Facebook, and Twitter. These are the accounts that cause the most damage when they’re compromised.

What’s the best option for 2FA?
You have three options for 2FA: text, email, or authenticator apps. We recommend using authenticator apps because they’re more secure.

That said, having any 2FA is way better than not having 2FA at all. If you need to give ground here and use text or email 2FA, that’s okay. The important thing is that you get it turned on, regardless of the exact method.

Are the physical keys (hardware) worth it? 
They do make a difference and are worth setting up for sensitive data or infrastructure. If your IT team is pushing for them, it’s a good idea to set them up. YubiKey is one of the more popular options.

Again, don’t let these hold you back though. If you’re setting up 2FA for the first time, get 2FA enabled regardless of how it’s set up. You can always upgrade to physical keys later.

Should I worry about personal accounts?
Yes, a lot of folks miss this.

Many of us know to force 2FA on our work accounts. But if any personal account gets compromised, it’s not hard to fake the identity of that employee and start getting access to company accounts.

This is harder to mandate across your team but it’s absolutely worth it, especially for roles that have sensitive access.

Are there any step-by-step guides that I can forward to someone on my team?
Google has put together a fantastic mini website all about 2FA here.
Microsoft has a brief overview of how to set up 2FA for your Microsoft account.

If there’s only one thing you do for security this year, turn 2FA on for all the core services you use at work and personally. And make sure your contractors, freelancers, and vendors do too.

It’s the simplest way to make progress on your security goals, and it will save you from potentially big security issues at some point down the road.

Is there anything preventing you from getting 2FA enabled for your team?











Copyright © 2022 Up Advisors, LLC., All rights reserved.
You received this email because you signed up to get emails from Product Habits.
