Locked Out

World Password Day is upon us again and entering its eighth year! I want to take some time to talk not just about passwords but also about the information that sits behind them. During the first half of 2021 I’ve been called out to help numerous users struggling to access their email accounts. The issue was no fault of their own and stemmed from email and online service providers becoming more sensitive to perceived suspicious activity. The resolution should be simple: validate the account and confirm their identity through one of their recovery methods. This will normally involve a reset link sent to their email or a secure code sent via text message. At this point I realise that the user has had their account for some time and failed to keep their account recovery information current!

Two Factor Authentication

Online security is the key to keeping your accounts protected, and it is now clear that passwords alone are not enough to keep your data safe. This fact is highlighted by my clients’ plight: they had their password, yet they were still denied access to their data.

As more of our important data is kept online, and with password leaks and website hacks becoming more common, additional means are needed to keep hackers out. In response, almost all major online service providers now require or implement something called two factor authentication (2FA). Two factor authentication is essentially a way to double check who you are and confirm that you are the genuine owner of your account. The most common method is to require both a password and verification by text message or email. Some larger technology firms require even more secure methods, such as Microsoft’s Authenticator App, which can be downloaded onto your mobile and utilises your fingerprint or phone PIN. In March 2020 the EU introduced legislation that required banks and finance institutions to implement two factor authentication to reduce fraud and data breaches. Google themselves recently improved their two factor authentication system, requiring it by default on all new user accounts.

Update your recovery information

Banking and utility accounts can normally be updated easily through a quick call to the provider, but with free services like most email accounts and online-only services this may not be possible. Your recovery information is the only means to get you back in and access your data. With a couple of my customers we were lucky and still had access to their emails, which provided enough information to recover their accounts. Two users still had their home telephone listed as a recovery number; these were allowed in the distant past but no longer work with Microsoft’s password recovery system. In both cases we were able to update them, but both had to wait the 30-day recovery period and were unable to send or receive messages for nearly a month. One final user was in a real bind, without any method to recover their account. I personally thought all was lost, but by some miracle they were able to visit a Microsoft store in person and they restored everything.

So what can be done to help? I’ve included our list of tips to keep your account up to date and make sure you can get back in should things go wrong.

Turn on two factor authentication – Most services require it but turning it on now can help you get ahead and keep your account secure. This guide by Wired can be very helpful to give you some more information and point you in the right direction.

Check your account reset information fairly regularly – This is fairly easy to do and I have included the help links for a few of the most common account types below:

Update account recovery information when necessary – Changing your mobile number or email address? It is critical that you visit each of your other accounts and update the recovery information as quickly as possible. Once you have your new number or email, log into each account and add your new information.