Even if you’re steadfast, choose complicated passwords, and don’t reuse them, it’s still only a matter of time. The world’s greatest password will not protect your data. A website can get breached and your password will be compromised. Even the best password managers have had security issues.
We caution against relying heavily on SMS–based two–factor authentication. There’s a trial going on right now involving a criminal who stole millions of dollars from a cryptocurrency investor by enacting something called a SIM swap and then exploiting text–based two–factor authentication to access his mobile account. This is a roundabout way of circling back to Zero Trust. Yes, it’s important to choose a strong password, to change it regularly, and to never share or reuse it. But your company’s cybersecurity should be dense and layered like an onion, especially if your firm is security–minded or regulated.