I spent the better part of a day securing some online services recently and it frustrated the #$%@*! out of me. That time could have been spent on something much more productive for a client or the business, but it helped me realise something important.
We all need to protect what we have as well as go forth and try to create more.
Many online services, including online accounting software like Xero, MYOB Business PRO and QuickBooks Online, are protected by a username and password and that normally makes users feel safe – until you look at how weak many passwords are.
The longer the password, the less likely a hacker will guess what your login details are, but have you thought about how many times someone can attempt to log in as you?
Hundreds of Hacker Login Attempts
I receive a lot of email alerts because I am the administrator for several website hosting accounts and other online services and you would be blown away if you saw the number of hacker login attempts we have some days – thousands.
Unless you receive these messages how would you even be aware that someone is trying to hack into your account?
You might recall recent events where major software companies have been down for a full half day or more and they have multiple layers of login protection! Imagine if that happened to your small business or the business where you work?
Xero users went through authentication issues several years ago and were given the choice of using Xero Verify or Google Authenticator and at the time I recommended Google Authenticator – I stand by that today!
Google Authenticator has issues too
When you really delve into authentication and related issues you realise that even something like Google Authenticator is an online service which anyone can log into.
Most people log into Google Authenticator with their Google email account but what if that was hacked?
Sure, Google have protection tools to keep their users safe but what are they? I won’t go too deep into this but here are some of the ways that I have come across to help protect online services.
- Limiting access to only IP addresses for selected countries (many hackers use IP addresses from developing countries – often because they are actually located there).
- Limiting the number of attempts at logging in that any user can make
- Disabling login if someone attempts to reset a password too many times
- Using email link verification
- Using SMS verification
- Using the fingerprint option available on “trusted” devices
- Limiting user permissions (learn how Xero limits access to selected services)
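Two of the items above, limiting the number of login attempts and disabling login after too many password resets, come down to the same mechanism: count recent attempts and lock for a while once a threshold is reached. The sketch below is an added example, not code from any of the services mentioned; the class and function names and the thresholds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window attempt counter with a temporary lockout (hypothetical helper)."""

    def __init__(self, max_attempts, window_s, lockout_s, clock=time.monotonic):
        self.max_attempts, self.window_s, self.lockout_s = max_attempts, window_s, lockout_s
        self.clock = clock                   # injectable so the logic can be tested
        self._events = defaultdict(deque)    # key -> timestamps of recent attempts
        self._locked_until = {}              # key -> time at which the lockout ends

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is not None and self.clock() >= until:
            del self._locked_until[key]      # lockout expired: start fresh
            self._events.pop(key, None)
            until = None
        return until is not None

    def record(self, key):
        """Record one failed login or reset request; return True if key is now locked."""
        if self.is_locked(key):
            return True
        now = self.clock()
        q = self._events[key]
        while q and now - q[0] > self.window_s:
            q.popleft()                      # forget attempts outside the window
        q.append(now)
        if len(q) >= self.max_attempts:
            self._locked_until[key] = now + self.lockout_s
            return True
        return False

    def clear(self, key):
        self._events.pop(key, None)          # a successful login resets the count


def check_login(limiter, account, source_ip, password_ok):
    """Return 'ok', 'denied' or 'locked'; failures count per account and per source IP."""
    keys = (("acct", account), ("ip", source_ip))
    if any(limiter.is_locked(k) for k in keys):
        return "locked"                      # refuse even a correct password while locked
    if password_ok:
        limiter.clear(("acct", account))
        return "ok"
    locked = [limiter.record(k) for k in keys]   # record both, no short-circuit
    return "locked" if any(locked) else "denied"
```

The same class can count password reset requests by recording a key such as `("reset", account)`. Because anyone can trigger an account lockout by failing on purpose, the lockout here expires on its own instead of needing an administrator to lift it.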
SMS verification for 2FA or MFA
I believe that SMS verification is the best way to ensure it is really you who is logging into an online service, but what if you have several users attempting to log in to the same service as part of their work? That becomes annoying.
Authentication is a massive issue these days and when you have some downtime over the Christmas period have a think about how you, your family and even your work colleagues are protected online.
Wikipedia has an interesting article about the most popular passwords over the last decade. If you are using any of these passwords to protect your bookkeeping data I would look at changing them quickly.
Online Courses in the festive season
Our team are available for important support every day of the year. We are monitoring our online services for all sorts of malicious attacks so you can learn online 24 hours a day, 7 days a week.