9th September 2019
Harden your 2-factor account security
With a G Suite for Business account
There are almost too many ways to count in which a G Suite user account can be secured with 2-factor authentication (2FA). That is also why Google is an industry leader for commercial-off-the-shelf business suite software and security.
Other platforms can rely solely on SMS and recovery email addresses to secure their accounts, but these measures aren't all that difficult to get around these days.
Here is an example of a traditional 2FA setup using a primary email account plus SMS text-based security codes for account authentication. The email address is also connected to other important logins.
But if someone wants to target this account to gain access to the other logins, it's not all that difficult to get past the 2FA if it is SMS based or, worse, recovery email address based.
How it is done is rather simple: the attacker gathers enough of your personal details from places such as social media (Facebook and LinkedIn especially), online wedding registers, and data pirates that sell your private data online for next to nothing. From places like these an attacker can obtain date of birth, mother's maiden name and your mobile phone number. They can then call up telco providers until they find your carrier and request a SIM port over to them.
This is more common and easier than you think, and once complete, the attacker is able to access your 2FA protected email account because they are receiving all of your SMS messages at this point. Once that's done, there is little to stop them from accessing just about everything you log into online.
Here is where a G Suite for Business account demonstrates it is ahead of the competition. Google 2-factor account security isn't reliant solely upon SMS based 2FA security, nor Recovery Email addresses.
Here is a list of non-SMS 2FA methods available to G Suite for Business users:
- USB/Bluetooth Security Keys (Yubico et al.)
- Google Authenticator app
- Mobile device one-touch pass through (not an SMS code)
- Backup 2FA codes (offline one time use codes you can print out)
- Voice-based 2FA codes to your landline
- G Suite Admin
It is unconscionable not to secure your primary email address with 2FA, regardless of whether you're an outlook.com user, an Amazon Web Services (AWS) organization, or a Facebook advertiser or Business page holder. You don't leave your front door unlocked at night; why would you do that with the main email account you rely on for your online activities?
Don't take our word for it, and don't think just because you're tech savvy you're immune to this threat. Read how an I.T. engineer had $100,000 of digital currency stolen from him using the method above.
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
Do you or your business need help securing your data from hackers and crackers and bears (oh my)?
Contact our security team at https://nephological.com.au for more information. We specialize in helping small and medium sized businesses improve their I.T. with tools such as G Suite for Business and all-things-Google.