Today more than ever before we are storing valuable assets online. Those assets could include access to our bank vaults, our galleries of pictures, our writings, our work, and our communications. That is a lot of stuff. It is important that we maintain access to those things and that they do not get hijacked.
The first line of defense against such hijackings is having strong authentication systems in place. A system is better if it will not permit entry without being convinced beyond the shadow of a doubt (within reason) that you, and not someone else, are the one trying to access your systems.
There are a lot of problems around online authentication.
https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess
This is a topic I’ve spent a decent amount of time looking into.
I can say that there are a couple of things I have learned that have made a big impact on me.
- When possible, use 2FA. If you can, use an app for authentication instead of SMS messaging.
- If you are going to use an app, then use Authy (https://authy.com/), because if your phone breaks or gets destroyed and you have backups enabled with Authy, it is much easier to get up and running again than with Google Authenticator (if your phone breaks, you are screwed with Google Authenticator).