2FA

[NutmegCT]

Two Factor Authentication. Good grief - how many BCFrs are now having to do this? I can understand one or two, but a dozen different accounts? Electric, water, oil, credit card, online banking, etc. People of a certain age (like me!) are beginning to give up, or turn their accounts over to their kids or younger friends. Not good.

Just got this today for another account:

1. Enter your Logon ID (username) and Security Code (password) as you normally would when you log in. At least 12 characters long but 14 or more is better. A combination of uppercase letters, lowercase letters, numbers, and symbols. Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
2. Choose five security questions and an answer for each question. The new questions and answers will replace any previous security questions and answers you had chosen for your account. You may be prompted to provide exact answers to these questions during future logons, so we recommend writing your answers down and keeping the information in a safe and secure location that you keep with you at all times.
3. Choose the phone number you wish to use for 2FA or add your current phone number if it is not already listed as an option. Choose your preferred delivery method (text message or voice call).
4. A 6-digit code (via text or call) is immediately sent to the phone number you selected in the prior step.
5. Enter the 6-digit code within 30 seconds in order to complete 2FA and to successfully log in your account.

Security is important! Have to admit I was chuckling when I saw "we recommend writing your answers down and keeping the information in a safe and secure location that you keep with you at all times." There must be a couple YT videos about this.

yeesh

 

[waltesefalcon]

I often have to do it for work. There are a couple of sites I frequent which will also require it occasionally. While it is an annoyance, I usually have it set up to send a code to me via text, it typically isn't that bad.

I've not had to have security questions in awhile, and I've never had to enter the code within thirty seconds.

 

[Basil]

So Tom, can I assume that you haven't turned on 2FA for BCF yet? LOL! It is an option, but not required. But if you don't use 2FA I hope you use long, complex passwords.

 

[NutmegCT]

We don't need no stinkin' two-step - except ... Texas Two-Step!

 

[JPSmit]

I use it with text. Annoying but falls in (my) category of 'if you think compliance is expensive, try the cost of non-compliance.' Still less complicated that trying to recover a hacked account.

 

[Basil]

I use it with text. Annoying but falls in (my) category of 'if you think compliance is expensive, try the cost of non-compliance.' Still less complicated that trying to recover a hacked account.

Make it as difficult as possible for the bad guys to access your data. Of course when a major site or institution is hacked, all bets are off. A few years back, the Office of Personnel Management was hacked by the Chinese and personal data of people who held clearances was compromised. At the time I held a TS clearance and so every detail of my life was in that database. There's nothing I can do about that unfortunately.

 

[mikephillips]

Besides 2FA and encryption where it could be exposed to the public about all you can do is try to minimize the number of places your personal/bank/health and other information exists. More work, but I stay away from the "convenience" of data on the phone, accounts with banking for auto pay, personal identifying info everywhere to not have to retype and so on existing. Yes, makes buying a bit more work online, checks mean mail and possible loss. But at least someone has to physically be there to steal mail, not in a chair halfway round the world trying to con millions at the same time.

 

[YakkoWarner]

i don't have much luck with 2FA systems, mainly because they all assume you have a smartphone. If you don't own one, you cannot use 2FA in most cases. They made it mandatory here at work, and then had to back off on it when they realized that phones don't get signal throughout most of our site (and totally ignoring the fact that people were being expected to use their personal device at their own expense for a work-mandated requirement). They came back and made it mandatory again later, but at least provided at option for a USB device that counts as the second factor.

 

[NutmegCT]

Mike's comment "try to minimize the number of places your personal/bank/health and other information exists." reminded me that many (almost all?) businesses now store their "client data" in Cloud servers. And many also share your data with other companies and servers - just for fun, read the business's full Terms of Service. There's a growing number of emails, texts, and website warnings, saying "We have determined that some of our users' data has been compromised".

That doesn't necessarily mean it was compromised only their own server/cloudspace - and where it may have gone for other bad actors to find.

eek

 

[mikephillips]

In the end, may not make a difference, but at least I can tell myself I've tried to take precautions. Kinda of like if you leave your keys hanging outside your front door or put them away inside. Doesn't necessarily prevent someone from breaking in, but you hope it is making it harder to get your stuff. Why I don't keep personal information on my personal computer either, just on a drive that is only plugged in if needed at that time, then removed again.