Best practice security measures

Updated April 23, 2024 22:19

Cyber attacks are on the rise, and while service providers are doing everything they can to keep you safe, there are several measures that you can (and should) take to keep your account secure.

Use a Strong Password

A common method used by hackers to obtain passwords is "password spraying." This is when an email address for an account is known to a hacker, and they use software (a.k.a. a "bot") to test common character combinations ("12345", "qwerty", "password", etc.) against it in the password field. As these bots learn more and more common combinations (such as dates and names), they become smarter and more successful. By using a random combination of varying case letters, numbers, and special characters as your password, the risk of having your password successfully guessed via password spraying can become infinitesimal.

Use Unique Passwords

One of the most common ways in which hackers obtain passwords is through data leaks from popular online services. When such a leak happens, hackers have access to databases of literally millions of username and password combinations, which then allow them to perform something called "credential stuffing": using bots to test every username and password combination on a wide range of high-value online platforms such as banks. When you use the same password for multiple applications, your exposure to the risk of such an attack is increased. To protect your accounts against such an attack, it's best to use unique passwords for each application so that, should one of your passwords get leaked, it will not work for any of your other online accounts.

Update your Password Regularly

While this may seem like an effort, it's actually one of the most effective strategies you can use to protect your account from hacks.
Even just updating your password every 30 days (using a strong, unique password each time) can significantly reduce the risk of a bot being able to determine your password, as it shortens the amount of time available to run the millions (or billions) of possible combinations required to identify the correct sequence before it is changed.

Use Two-Factor Authentication (2FA)

Two-factor authentication is a two-step login process, whereby upon entering the correct username and password for an account, a one-time PIN or code is sent to a registered mobile number via SMS, and then entered into the login portal before access is given to the account. If you have 2FA set up on your account, hackers will be unable to access it using your username and password alone, as they would also need access to that code, which gets sent to your mobile - not to them.

Be careful when interacting with people on external sites (such as peer-to-peer ecommerce platforms) who claim to have sent you a code to verify yourself, as this could be a hacker trying to access an account of yours with 2FA (the "verification code" they claim to have sent you is actually the 2FA code being sent to you from a platform they are trying to access using your login credentials).

You can set up 2FA on your Messaging Hub account easily - just read this article for more information.

Use Single Sign-On (SSO)

More common with larger organisations, SSO allows users to access multiple platforms via a single, secure authentication source. This allows IT administrators to better manage team access and keeps sensitive information more secure. SSO is available for your Messaging Hub account - read this article for more information.

Don't Share your Login Credentials

While this might seem like an obvious measure, you'd be surprised at how common it is for login credentials to be shared across teams and organisations.
If you need multiple users to have access to your Messaging Hub account to send messages, you can invite them as users so that each individual has their own set of login credentials to gain access. You can also create sub-accounts and assign user roles to manage access to information and permissions.

Pay Attention

If you are informed of a security breach by any service to which you have a login, change your passwords immediately - no matter how small the risk may be. Although this may be an inconvenience, it will provide you peace of mind and protect you against potential attacks on your accounts as a result of your data being leaked.

If you've got questions or concerns about account security, or you'd like to talk about ways you can make your account more secure, contact us at support@messaging.tpgtelecom.com.au.