Let’s Discuss Account Takeover, or “ATO”. 

What can we do to better protect ourselves and our companies from account takeover? 

Most of us today still believe we are “too small a fish” to have one of our digital accounts taken over. We think to ourselves that no one wants to read my email or post from my Twitter account or comment in Next Door about our neighbors. The reality is that the bad actors out there don’t care how big you are. They are looking for any open doors. With the # of passwords for sale on the dark web today and the human tendency to use the same or variations of the same phrase for multiple accounts, the likelihood that your access control is compromised is very high even when certain types of 2-factor authentication (2FA) are active. 

Bad actors are using bots to exploit any open door they can find and, as more and more of us move to digital wallets like CoinBase, there is real value to be stolen. Read this article for more details. ​​Hackers rob thousands of Coinbase customers using MFA flaw

Moving to more digital lives

If we are moving to a place where our money is decentralized and under our control, we have to recognize that we are then responsible for its safety and protection. There is no insurance if your cryptocurrency is stolen. Most of us are too comfortable thinking that if there is fraud or theft on our Credit cards, the bank covers it. This mentality has led to our laziness about how we secure our finances. This “insurance is enough” mentality will not apply in a digital wallet at least for those not FDIC approved. 

Beyond the tangible aspect of digital wallets, when was the last time you took your email security seriously? If you think about it, our email is typically the central hub for all of our other accounts. This ranges from receiving one-time passcodes in our email to using it as a trusted source for the recovery. Email is also important for the account creation. If you are using a free email service and likely do not have access to higher levels of access control. The scary part is that most small businesses use free accounts to save while they try to grow their business. When using non-business-grade solutions, tools like Single Sign-On (SSO) are not typically available. Hopefully soon, service providers will offer better solutions like Passwordless Multi-factor Authentication (MFA) (not just passwordless, that’s like leaving the keys in the car, but actual MFA). 

Why account takeover matters

The bottom line is: Account takeover is real and potentially crippling. Especially if you run a business of any size, I encourage you to take it seriously. Deploy Passwordless MFA plus Single Sign-On for simpler, more secure access to all your accounts.

If you’re curious about ways to do better, reach out for an introduction to a Passwordless MFA Keeper Security account. This provides Passwordless MFA to Keeper’s premier password manager! Start protecting your accounts today!