Data Exposed Due to Shoddy MFA Practices by UnitedHealth
By Meredith Fahey of Digital Helpmates
Multi-Factor Authentication (MFA) (also referred to as 2-Factor or 2-Step Authentication) is a security feature everyone using the internet or email is familiar with. With this method, users supply at least two pieces of evidence (such as their password and a temporary passcode) to prove their identity before logging into accounts online.
What this looks like: After you enter your password at a website, you will be asked for a numerical code delivered to you via email, text, or through a phone call.
Sometimes, companies require a more secure way to authenticate that you’re you by delivering MFA codes to an authenticator app made by Google, LastPass, or Microsoft. (For more information about using MFA to secure your Google / Gmail account, keep reading!)
So why is this MFA step so important?
It’s because MFA has been proven to stop most forms of cybercrime easily and quickly. Without it, untold damage takes place. Just look at what happened to millions of Americans’ personal data due to one company’s decision to forego MFA:
According to a July 2024 article on ITPro.com, “Andrew Witty, CEO of UnitedHealth Group, said the cyber attack on its subsidiary Change Healthcare in February 2024 could have impacted one in three US citizens, when asked to give a rough estimate of its fallout by the US Government.”
Again, that’s 1 in every 3 people in the United States impacted. Yikes!
What can I do to protect myself?
- Opt-in to use MFA on any apps or websites that hold your personal or financial information (email, password managers, banking, insurance, shopping, medical). Note: Many of these places will already be using MFA, but some offer it only as an option.
- Monitor your accounts and credit report for suspicious activity.
- Use strong & unique passwords (13 characters min. with upper, lower, numbers, & symbols).
What can I do to protect my business?
Here is a great list of 10 steps to help protect your business (and your clients’ data) from cyber-attacks.
How do I set up an authentication app?
Get verification codes with Google Authenticator
With your Google account, you can set up MFA using the Google Authenticator app. Using an authenticator app allows you to generate MFA codes without an internet connection or cell service. Learn more about Google and 2-Step Verification here.
Microsoft has a similar authenticator app. All authenticator apps should be free to download and use — just check your device’s app store to see what’s available.
P.S. Read this blog post of ours to find out on which websites you’ve possibly had your data breached. (Hint: These are the places you should definitely turn on MFA!)
Haven’t subscribed to our “Tip O’ The Week” emails yet? It’s easy and free! Click here to sign up, it only takes a second.
Who are we? Digital Helpmates offers one-on-one tech tutoring to home and business users at affordable prices. Find out more about our Tech Tutors and Jumpstart Office Teams at https://digitalhelpmates.com.
Subscribe to our YouTube Channel: “Tech Tips for the Technically Clueless:”