In October last year, over 20,000 hacked emails from John Podesta, chairman of Hillary Clinton’s US Presidential Campaign, were released to the public via WikiLeaks. The contents of these emails included many private discussions relating to the campaign and resulted in much controversy in the media and among the public. The leak contributed to the growing mistrust of Hillary Clinton and her subsequent election loss in November.
Could it have been prevented?
The email account in question was hacked through a phishing email sent in March. This is where a fake email is sent requesting a password change, with the recipient clicking a link and essentially giving their password to the hacker.
All of this could have been prevented by using Two Factor Authentication, or TFA. If Podesta had implemented TFA on his account, the hacker would have been required to input a code generated separately from the password in order to access the email account. Most online services now offer TFA, and some even require it. For example, most online banking services send you a text message with a code to authenticate certain transactions, and a number of other websites require additional authentication via a code or an email link.
So is this important for a church?
Churches collect and store a lot of sensitive information in a number of areas. In many cases, phone numbers, email addresses and home addresses of congregation members are kept on computer systems, whether online or just on local servers. This information is sometimes transmitted via email, or is accessible by anyone with the right passwords. Furthermore, some systems, such as online payment portals, websites or online banking, can easily be compromised with access to an email account. Needless to say, it’s important that all of this information is protected as securely as possible.
TFA is simple to implement; often as simple as changing a setting in your account. Using a code generator on your smartphone such as Google Authenticator or Authy allows you to have the second factor sitting next to you at all times. Securing your accounts has never been so easy!
Combining TFA with a password generator such as LastPass, 1Password or KeePass will also drastically improve the security of your accounts. These generators create random passwords for each online account you have, and then store them for you so you don’t need to remember them. These passwords are accessible only if you have the Master Password as well as a TFA key (if you set that up).
Keeping electronic information secure and out of the wrong hands is incredibly important, especially for a trusted organisation such as a church. With today’s technology, accounts can be easily compromised by a variety of means. Thankfully, by implementing TFA and a password generator, increasing this security has become a lot easier.