In the news recently, we had an open letter drafted by US Senator Ron Wyden to Director of National Intelligence John Ratcliffe, lambasting federal intelligence agencies for their woefully lax cyber security practices. The letter primarily cited the CIA’s 2016 data breach that led to the WikiLeaks publication of Vault 7, which was marked the largest data loss in CIA history. Senator Wyden went on to cite several publicly known instances where other federal agencies and systems have failed to implement even the most basic of cyber security measures, even after such measures had been made mandatory.

There are a number of security practices that the CIA and other agencies could implement to secure their systems. For the sake of this video, we’ll focus on one of the most basic of practices, one that Senator Wyden cited numerous times in his letter as missing from many federal systems. This practice is called Multi-Factor Authentication.

Multi-Factor Authentication is an authentication method by which a user is granted access to a system only after presenting 2 or more pieces of evidence that prove the user’s identity. There’s a good chance that you have experience with multi-factor authentication, so I’ll outline a scenario for you that you’re probably familiar with.

  • Let’s say you want to log onto your bank account
  • You go to the bank website
  • You plug in your password
  • You’re brought to another screen that is requesting a code that has been texted to you
  • You plug in that code and then you’ve been granted access to your account

So what happened here is:

  • You plugged in your password, which was your first method of authentication
  • Then you plugged in the code that was texted to you, which was your second method of authentication.
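The same login seen from the bank's side, as an added example that is not part of the original post: access is granted only when the password check and the texted-code check both pass. The `BankLogin` class, the 6-digit code format and the 5-minute code lifetime are assumptions, and the code is returned to the caller instead of actually being texted.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a texted code (5 minutes)


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BankLogin:
    """Hypothetical two-step login: password first, texted code second."""

    def __init__(self, password: str, clock=time.monotonic):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = _hash(password, self._salt)
        self._clock = clock
        self._pending = None  # (code, expires_at), set only after factor 1 passes

    def submit_password(self, password: str):
        """Factor 1. Returns the code that would be texted, or None on failure."""
        if not hmac.compare_digest(_hash(password, self._salt), self._pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self._pending = (code, self._clock() + CODE_TTL_SECONDS)
        return code

    def submit_code(self, code: str) -> bool:
        """Factor 2. True only for a fresh, unused code issued after factor 1."""
        # Clear the pending code on every attempt: one guess per code, no replay.
        pending, self._pending = self._pending, None
        if pending is None:
            return False  # password step never succeeded, or code already used
        expected, expires_at = pending
        fresh = self._clock() <= expires_at
        return fresh and hmac.compare_digest(code.encode(), expected.encode())


if __name__ == "__main__":
    login = BankLogin("correct horse battery staple")  # constructed sample password
    texted = login.submit_password("correct horse battery staple")
    print("access granted:", login.submit_code(texted))
    print("same code replayed:", login.submit_code(texted))
```
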

What I want you to take away from this video today is the importance of multi-factor authentication. Implement multi-factor authentication everywhere you can, most importantly on your email account. If you don’t implement this anywhere else, implement it on your email account. The reason I say that is because your email account is the key to gaining access to all your other accounts. You know this because when you can’t get into one of your accounts, you click “forgot password” and an email shows up in your inbox that allows you to reset your password. Anyone with access to your email account can accomplish the same thing. Do not let that happen. Implement multi-factor authentication today. You’ll probably find that it’s something that you can just turn on in your account settings.