Your password alone is not enough to protect your online accounts. When your account details leak, such as in the case of the hacking of the San Beda University student portal, hackers will try to use the stolen credentials on other platforms such as Facebook, Google, Twitter or maybe even online bank accounts.
If a victim is using the same username/email and password combination on another platform, the hacker gains access to that, and does more potential damage.
One way to curb this is through the use of one-time passwords (OTP). If an OTP is active on an account, the online platform will ask for a secondary password after the hacker puts in a working email and password combination. The one-time password will be sent to either the email address or the registered mobile number of the victim. However, it may be safer to have the OTP sent to your mobile. If you happen to be using the same password on your email account, then there's a chance that the hacker will also be able to get access to that account. With your mobile number at least, it's with you physically – unless you've had it stolen, and you didn't put a PIN on it.
Most online platforms today have the option for one-time passwords.
OTPs are a form of two-factor authentication. There are also other ways that online platforms can give you a secondary layer of protection such as answers to questions only you may know and fingerprint scans. We're focusing on OTPs here. The steps are below for some of the more popular platforms.
If you choose to have OTPs via a third-party authentication app, Facebook will show you a QR code and an activation code. You need to download an authenticator app like Google Authenticator to scan the QR code or input the activation code. On Google Authenticator, simply tap the "+" button on the bottom right, which will give you the option to scan the QR or input the activation code.
Once you finish these steps, you're done.
Remember, setting-up two-factor authentication on your account doesn’t mean you’re going to be completely safe from any kind of cyberattack. You’ll be more protected, yes, but, you still have to remain vigilant on possible threats and avoid sharing your private information. Check your other online accounts as well for two-factor authentication and one-time password features. – Rappler.com