Phishing Highlights the Importance of Strong 2FA
Since 28 April, phishing emails have been circulating that specifically target BIT customers. In these spear phishing messages, users of the BIT Portal are asked to log in via a fraudulent link that leads to a look-alike login page. These emails do not originate from BIT; if you receive one, do not follow the link and check the address bar of any page that asks for your portal credentials.
Phishing emails are sent out constantly, not only to BIT customers. To limit the impact of potential misuse, we recommend enabling 2FA using TOTP on your portal account or accounts. This option has been available in the BIT Portal since 2018 and remains an effective way to strengthen account security.
What is TOTP and why it matters
Since 2018, the BIT Portal has supported 2FA based on TOTP, which stands for Time-based One-Time Password (standardised in RFC 6238). In addition to a password (something you know), TOTP adds a second factor, something you have: typically an authenticator app on your phone.
Even with a strong, unique password, hackers may still gain access to your accounts through phishing or data breaches. The risk increases further if passwords are reused. With 2FA, access is only granted when both factors are correct, which significantly reduces the likelihood of misuse.
How does TOTP work?
TOTP uses a shared secret between the user and the service. During setup, this secret is usually exchanged via a QR code. Your authenticator app then computes a short code from this secret and the current time (an HMAC over the secret and the current time step, truncated to six digits); the server computes the same code on its side and compares it with what you enter. Because the time step is typically 30 seconds, the code changes every 30 seconds and a captured code is only useful for a very short time.
Why TOTP is better than SMS
Some services and websites offer 2FA via SMS. While that is better than nothing, it has drawbacks. SMS messages can be delayed, and the phone number they rely on is vulnerable to attacks such as SIM swapping, where an attacker persuades your carrier to move your number to a SIM card they control and then receives your codes.
TOTP works independently of the mobile network and generates codes locally on the device, so there is nothing in transit to delay or intercept. One caveat applies to any one-time code, TOTP included: a phishing page that forwards your password and code to the real portal within the same 30-second window can still log in as you. 2FA greatly reduces the damage of a stolen password, but it does not replace checking that you are on the genuine BIT Portal before you log in.
Getting started with TOTP
Setting up TOTP for your BIT Portal account only takes a few minutes. You can enable this option in the BIT Portal via the password and authentication settings. You then link an authenticator app by scanning the displayed QR code and confirming the generated code once.
Common authenticator apps include:
- Authy, which offers encrypted cloud backups of your secrets; that makes recovery easy if you lose your phone, but it also means your secrets leave the device, which some may see as a drawback
- Google Authenticator for Android and iOS
- Bitwarden Authenticator, integrated into the password manager
The choice of a specific app depends on your preferences, for example regarding backups and integration with existing tools.
TL;DR
TOTP is now commonly available as a way to improve the security of accounts that previously relied only on a username and password. In our view, TOTP is simply excellent, and there’s a good reason we’ve chosen it. It’s fast, secure and free. The small effort required to set it up is more than worthwhile to protect your digital working life from malicious actors.
Have you already enabled TOTP on your most important accounts?
By Kristian de Bruijn