[techtalk] CYBER SECURITY - Secure Your Data with this Strong Authentication Option
HANNING Darci * SLO
darci.hanning at slo.oregon.gov
Tue Oct 15 15:05:40 PDT 2024
Welcome to the latest issue of Tech-Talk!
Reminder: When accessing resources at the Tech-Talk website<https://www.tech-talk.com/login/oregon>,
use ORLIBTECH for both the username and password when prompted.
Tech-Talk is a paid subscription service for staff of Oregon libraries and is supported in whole by the Institute of Museum and Library Services (IMLS) through the Library Services and Technology Act (LSTA), administered by the State Library of Oregon.
Authentication Apps
[https://files.constantcontact.com/ee1208b4001/34916cb2-412f-43fa-8294-1f7ecb0e9a3d.png]
[Wooden crate filled with apples on grass, with a red button labeled "View the Tech Tip video Here" superimposed on the image.]<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwb43ejQyIHP1qyCrjKqFR8yGSYFjMlfCL-HtZSUuJzDs9-qJv-9LWgYnm7JndlzcamOb7sq9O9uzo9qcjFoptrOvBPuHfMSbwXu6LRfz9ujs7L7IYlshTEJlgfP81hyYJvOKONuYcVGd6vySE3ZLdgFdnZGJfSRYBup9uXdYtaqxDVNhIgJ-jpA=&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
Photo by Jen Theodore<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwb43ejQyIHP1XFErywyUK_fYGC-Kmary38cII281rq9awRcDGC4MgFzCObBMbo5w59mz1n4iyHVCoUerFL1WWLPqyxj1q7tcqJ8Zt4Levgl7IIS62lR2aoHfUjhMmFOX5az0X58ld3-x-Xxr8wRaICVwO1nhzivvNZj4fX-ZGQwI1NG42HyV2T4frjOgcONDGWIE0VGaKYkl2DmHnPZDTSoSfteKqt78uA==&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==> on Unsplash<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwb43ejQyIHP1CJ5NrAzSBJMRXWTQX6pGTGEGlYf8PqFDrigvgjKQBLZDLmPzAFlENTORTtJTUt85LHRyoIHWJMpkWYUM1zGmOpiMuEZbQ-waGv1CPEb_ZXZonf00IWYnxzcfb9zxNK2MLGaDuItnl6-DEGkDcO8qCScc9OGfmkFKbL2AcbqpNMF83QF0gA3GG31wZeLaDTSS6L7tIROG3xiKXKYsGsm9RDDjBdRZSNM26dS3ubwVub10l10hku3QgXDJ61eckWYE8INcULajd-EtF2rX2A1XQQ==&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
[https://files.constantcontact.com/ee1208b4001/e25f6bcf-26a8-4e59-91f2-cc248962042d.png]<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwaMDrTUOnJpao9kMfEHjySakx6nYoSGUZteUTS9VMXAqfZ7SZIzo24xapdWsArsWfCIk5qAvd8XT4zZ6hxTexCsaeCaLqOjoqRSwNRziOnTs&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
Webinars for You
NOTE: All webinars begin at 3 pm ET / 2 pm CT / 1 pm MT / 12 Noon PT and are one hour long.
NEW DATE! Oct 16: [WORD/Google Docs] Mastering Document Templates and Formatting. Why attend? If you want a consistent look with docs.
Oct 23: [GRAPHICS] Use AI Tips and Strategies to Solve Problems and Craft Perfect Text. Why attend? If you want faster answers & better text.
Nov 6: [INTERNET] Organizing Your Documents in Cloud Storage. Why attend? If you have trouble finding what you need.
Nov 20: [VIDEO] How to Pick the Perfect Video Creation Resource for Any Situation. Why attend? If you want to understand all your video options.
View Webinars and Register Here<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwbe0WNfdxYiFCV8fTrahpgIw66NN4jqDMuxlxxAOwF2s38yAUdhDGJN52lR_qzsyJwUGRuhq4aU8MlzFjy7b-YcRi-Qb67xVtm9b9CXCFlKNjCknDwTVtiU=&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
CYBER SECURITY - Secure Your Data with this Strong Authentication Option
Intermediate and Advanced
You may have noticed that when you log into a website, you're being prompted to set up a second level of security to make it more difficult for hackers to breach your account. This extra layer is referred to as 2FA, or 2-Factor Authentication.
[Person holding a smartphone displaying a 2FA authenticator app with codes, sitting at a desk with a laptop in the background.]
The "2" in 2FA refers to a second way of validating your account. You're probably using it already! There are a few different methods, and many platforms let you pick your preference:
1. You are sent an email message with a 6-digit code to enter.
2. You're sent a text message (a push notification) with a code to validate.
3. You need to enter the answer to a secret question that you set up.
4. You log in using biometrics with your fingerprint or face/retina scan.
5. Or, you use an Authenticator app that is set up on a mobile device and you enter a 6-digit code.
TIP: Learn more about why using 2FA is important in this Tech-Talk article<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwfhC3aHRolShKJS5fbUK8pDtJvJvrK3obGeoYEkqSKtxm8q95CVtnMEYz-3Z9ghpqBKnKTqlpdy4i6YEfQpCxFvJw3CSNBxP5dqY_DY7NcOh6s35juAOwP_fpMGeZg7EFO-nJkoR_KObIe36jQAWfrZf7Ryqydu_5NUju5WPS31Qhz3Mf13oUZmwfeoUlm6-GQ==&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>.
The first four methods above are pretty self-explanatory. But you may be asking, "What is an Authenticator app? It sounds complicated." Actually, this form of authentication is very strong, and pretty easy to set up with a little understanding.
What's Different About an Authenticator?
First, you'll find this option more frequently on sensitive types of sites… banks, credit card companies, healthcare accounts… sectors involving personal data where hackers can get in and do damage.
Second, an Authenticator app (on your mobile device: phone, tablet) shows you "dynamic" code, usually six numbers. It's considered dynamic (changing every 30 seconds) instead of static (fixed), because it reacts to what is going on ... much like a recipe where the ingredients change based on what is available in the kitchen. This authentication method strengthens your security.
There are many different authenticator apps, with typical examples being Google Authenticator, Microsoft Authenticator and Duo Mobile (popular in the business world). In the Apple world, it's just called Authenticator.
There are several reasons why the use of an authenticator provides stronger protection for you and your data.
1. Dynamic Codes. Because authenticator apps generate time-sensitive, one-time-use codes that change every 30 seconds, even if someone steals a code, it becomes useless shortly afterward.
2. You don't need the Internet. Since the codes are generated locally on your device, hackers can't intercept them in transit like they could with email or text messages.
3. Reduced risk of password compromise. Even if a hacker knows your password (yes, you still will have one), they won't be able to log in without the one-time code generated by the app.
Can You Choose Which Authenticator to Use?
[Icons for three apps: Microsoft Authenticator with a blue lock, Google Authenticator with a multicolor design, and Authenticator App with a blue shield.]
Whether you can select the authenticator or not depends on the business or service. Some allow you to choose any authenticator app, as long as it supports standard protocols.
However, some businesses require you to use a specific authenticator, especially if they have their own app, like Microsoft Authenticator or Apple (the blue shield with white checkmark).
How the Authenticator Apps Work
[Colorful star-like symbol with blue, red, yellow, and green arms on a white square background.]
1. Download the App
First, you need to download the free app to your mobile device (phone, tablet). For this example, we will use the Google Authenticator, but each works similarly.
· For Android devices, go to the Google Play store and search on Google Authenticator.
· If you are using an Apple iOS device, go to the App store and search for it there.
2. Initial Setup on Web Platforms
After you have downloaded the app, you'll need to connect web tools that offer this type of 2FA to your authenticator app. You only need to do this ONE time per account ... and you don't have to do it until you have a need. (We just want to make sure you're aware of this method for when you're asked to use it.)
This process is different in each type of platform, but generally, the steps work like this:
1. When you're in a web tool or app that works with an Authenticator app (e.g., Google, Dropbox), in the security setup process, a QR code and/or secret key will be revealed.
[https://files.constantcontact.com/ee1208b4001/29a84aa7-672b-42a1-aaa2-1524b965f90c.png]
2. Open the Google Authenticator app on your mobile device and on the Home screen click the Plus button in the bottom right of the screen.
[Google Authenticator app screen showing a list of accounts and a red arrow pointing to a plus button in the corner.]
[Menu options for entering a setup key or scanning a QR code, with a colorful plus icon highlighted by a red arrow.]
3. Either enter the setup key provided or Scan the QR code.
NOTE: You normally open your phone's camera to scan QR codes, but in this process, you initiate the scan of the QR code from inside the app.
4. The authenticator app will give you a code to put into your website platform to connect them.
[Text box showing two-factor authentication code entry with placeholder.]
You may be shown "Recovery Codes" that you can use if you can't access your authenticator. Copy or download these and save them in a safe place.
[Screenshot of a webpage showing instructions for downloading recovery codes from an authenticator app, with a download button below.]
[https://files.constantcontact.com/ee1208b4001/85c794f5-2238-4d89-85ab-cb1ca9b2bdc4.png]
Now you've connected the platform with the Authenticator app on your mobile device.
NOTE: In the Google Authenticator app, the name of the platform is shown in your list of connected sites. There may be occasions when you have more than one by the same name. For example, you may have two Facebook logins or two MailChimp accounts. In this case, on the line with the codes for the app, swipe left and click on the blue pencil icon. This lets you rename it so you can tell which account is which. Look for this option in other types of Authenticators as well.
Use the Authenticator App When Logging In
Now that you have connected an account to your authenticator app, the next time you log into it, enter your username and password and then:
[Google Authenticator app screenshot with a search bar and a highlighted passcode 301 522.]
1. You will be prompted to enter a verification code.
2. Open your Authenticator app on your mobile device and view the line item for that platform.
3. Type in the six-digit code. Remember, it generates a new six-digit code every 30 seconds. Don't worry, enter what is displayed.
That's it, you should be logged in!
What About Multiple Users ... in One Account?
Now, you may be thinking that if you set up extra layers of security it will cause hiccups for those accounts where you have more than one staff member using the same username and password.
For example, you may have three different people that use your Constant Contact platform. Because 2 Factor Authentication (2FA) is dependent on personal codes (whether you are using a text or email code or an authenticator app), you need your own login.
Many of these platforms now offer multi-user options so that ONE account can be accessed by several people, all with their own login credentials.
Or, in platforms like GoDaddy or Siteground Hosting (and many others), instead of multiple login credentials for the same account, you can delegate access to others through sub accounts.
[A series of smooth, dark stones arranged in a line, half-submerged in calm, reflective water with a soft, gray background.]
Communication: Online Engagement
Give feedback when people contribute
Whether you are holding an online session and you've asked people to tell you something in chat, it will be well worth your time to always summarize what the consensus is.
Example: "Yes or No in chat, have you ever attended a Tech-Talk webinar?" [People put their answer in chat.] You watch what is said and give feedback. For instance...
1. "It looks like 40% of you have attended a webinar." OR
2. "I see that Charlie, James and Deanna have attended a webinar."
In the case of #1, you have a lot of responses and you're just wanting to see the approximate percentage. Now it's fine, that you have the info you want, but if you'd like your attendees to answer in the future when you ask a question, you must acknowledge the fact that they've made a contribution. You've asked a question; now tell them what you see as the answer.
In the #2 example, you point out as many individuals as you can by first name. That makes them feel good. It shows that you've seen their answer. It activates the engagement so that the session is not just one way.
CAUTION: There is one caveat with this second approach. If you get most of them, but not all of them, the ones who are missed will notice and feel left out. So only use the #2 technique under one of two circumstances:
1. There are LOTS of names, so no one will expect you to get them all; just a sample. Then they know you are looking at their answers, so it was important to give input. If the answers are coming in faster than you can read, tell them that ... and that you're reading a sample of them. TIP: For fast scrolling chat, you can put your cursor in the scroll area and hold it. That will stop the movement and you can then control the speed with your mouse.
2. The other situation is when you have a very small number of contributors and you know you can get to them all!
[https://files.constantcontact.com/ee1208b4001/b13a7a6a-7445-4d8e-b741-4b475385ef5b.png]<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwQLJy2r86As4zfwDWGTUkpVtXPSbdCzE1FjBGzfYsqbXl14fGgWVrKdCyYH-F2dfbJhrcW3l-JvuxzI1X66fYwWawHDdBD8ZSyit8Rs4TcfUNRvhcuoVEmk=&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
[Ask a question]<https://opiayfbab.cc.rs6.net/tn.jsp?f=001-EiuVgxTLOpmaKXeUbtW9ukwO6lB8iBiMNxLbM2hrXM752zZ7SSnwdGcMSRD_T4j1UytktQH3CxZe2CuJFu-mpt0uPj61zVFNEtW-tcTB-OhxtjwT8XqJwJ_JeNCSXFupRh3ZptSCJNRze9LTPCb8LdQpWPqa_zqcT_BLBDKXxQ=&c=khZhUb6RFWiqoG3a3X1YXnNcnKHHvNMI9azTXzx5lRoNKO_Y9xdP1g==&ch=tTx8yhP4EE62R4ysiF8yejqTWBMjQmjs6WD8m2qXEwC399vI3hgyOw==>
Copyright 1996-2024 Shared Results International. Published weekly. Distribution is limited by license. For information on how to include additional recipients, contact support at tech-talk.com<mailto:support at tech-talk.com> 585-615-7795.
Cheers,
Darci Hanning, MLIS (she/her/hers)
Public Library Consultant / CE Coordinator
Continuing Education Resources: https://libguides.osl.state.or.us/conted
State Library of Oregon | Library Support and Development Services
971-375-3491 | darci.hanning at slo.oregon.gov<mailto:darci.hanning at slo.oregon.gov> | www.oregon.gov/library<http://www.oregon.gov/library>
[State Library of Oregon (Logo)]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/techtalk/attachments/20241015/800070cd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15548 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/techtalk/attachments/20241015/800070cd/attachment.png>
More information about the TechTalk
mailing list