You already know that any account you create is prone to being hacked, especially if the right safeguards are not in place. Over the past several years, news of widespread data breaches has made simple passwords outdated. But there’s more that needs to be considered as new applications become available.
Today, there are services that aim to protect your password, like LastPass, and allow you to log in to your accounts without even revealing your password on screen. Additionally, there are more secure methods such as biometric fingerprint scans and PIN-based logins.
While most agree that added security and verification is always a good thing, the objective of gaining new users has taken precedence over ensuring that the proper security steps are being put in place to protect their data.
One such instance is with a popular grocery delivery service. This company offers a simplified approach to grocery delivery options across the US, helping users to scratch one more thing off their to-do lists. Shoppers are given your grocery list, pick up your items, and deliver them right to your door. It is a great service, especially during the pandemic.
While the company itself provides an efficient service, the signup process is in need of security updates. For example, when creating an account with the application, there is no verification of the email address. What does this mean to their users? It means that if a user accidentally mistypes their email address (e.g., [email protected] vs [email protected]), whoever owns the address that was actually typed owns the account.
Yikes! Just think how basic last names such as Smith, Jones, or Williams or first names such as Susan, Tom, or Mike could easily get mixed up with this format.
A few weeks ago, one of GreatHorn’s employees ran into this very issue. Someone used his Gmail address to place grocery store orders. Our employee, confused about why he was getting notifications from a grocery delivery service he had never signed up for, requested a simple password reset to log into the account. He was trying to understand whether fraud was being attempted against him, but was shocked by what he found.
The account he now controlled belonged to someone else, who had mistyped the email address during the account creation process. Within this account, our employee had access to that person's personal information: physical address and credit card information, among other things. All this information had been saved. Had it not been for his genuine concern for this individual, our employee could have simply made a new order, adjusted the tip amount to the shopper, changed the order completely, or taken any number of other actions within the account.
Our employee reached out to the person to let him know about the mix-up. But this is just one example, and the same thing could have happened countless times. It illustrates why it is so important both to be aware of instances where security is lacking and to implement two-factor authentication (2FA).
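The signup gap described above (no check of the email address, followed by a password reset from the real mailbox owner) can be closed by refusing to store anything sensitive until the address is confirmed. The sketch below is an added example, not the grocery service's code; the `SignupService` class, its method names, the one-hour token lifetime and the sample addresses in the comments are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # assumed lifetime of a verification link, in seconds

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SignupService:
    """Hypothetical account store that holds no personal data for unconfirmed mailboxes."""

    def __init__(self):
        self.accounts = {}  # email -> {"verified", "token_hash", "expires", "card"}

    def register(self, email, now=None):
        key, now = email.lower(), (time.time() if now is None else now)
        if self.accounts.get(key, {}).get("verified"):
            return None  # never overwrite a confirmed account
        token = secrets.token_urlsafe(32)
        self.accounts[key] = {"verified": False, "token_hash": _digest(token),
                              "expires": now + TOKEN_TTL, "card": None}
        return token  # emailed to the address in practice, never shown in the browser

    def verify(self, email, token, now=None):
        now = time.time() if now is None else now
        acct = self.accounts.get(email.lower())
        if acct is None or acct["verified"] or now > acct["expires"]:
            return False
        if not hmac.compare_digest(_digest(token), acct["token_hash"]):
            return False
        acct["verified"], acct["token_hash"] = True, None
        return True

    def save_card(self, email, card_ref):
        acct = self.accounts.get(email.lower())
        if acct is None or not acct["verified"]:
            raise PermissionError("confirm the email address before adding payment details")
        acct["card"] = card_ref

    def request_password_reset(self, email):
        key = email.lower()
        acct = self.accounts.get(key)
        if acct is None:
            return "no_account"  # internal outcome; the HTTP reply should look the same in every case
        if not acct["verified"]:
            # Typo case from the post: drop the empty record so the mailbox
            # owner never inherits an account someone else created.
            del self.accounts[key]
            return "discarded"
        return "reset_sent"
```

With this ordering, a mistyped address leaves behind only an empty, unverified record, so a password reset by the mailbox owner has no address or card data to expose.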
Two-factor authentication is the process where users provide two different forms of authentication to verify who they are. It could be an email address and a phone number. 2FA is done to protect the credentials of the users and the access to the information contained within the application. It provides a much higher level of security than a simple password or passcode. Users will provide a password, but will also include a facial scan such as what Apple uses (no two faces are alike, right?), an answer to a security question, or even a code texted or emailed to the user. Given the prevalence of fraud and account compromise, the goal is to verify the user is who they say they are to prevent fraudulent activities.
It is important to remember that while we all value convenience and simplicity, we must not sacrifice the security of the applications we use every day for it. For both businesses and end users, if the applications we use do not have the proper security measures implemented, it could be time to switch to another application. While some applications and companies may opt to not include 2FA because it can potentially have a negative impact on the user experience, 2FA is a critical step to helping prevent fraud from happening on your account. If an account or application is simple for you to get into, it is certainly easier for hackers to get into as well.
While two-factor authentication does not completely protect you from potential hackers and even data breach risks, it is a critical step to take in ensuring your account is not accessed by unauthorized users.