Online cybercrime isn’t going away

According to the latest reports (by Norton Antivirus & Digital Security), there are just under a million cyber attacks each year – that’s the equivalent of about 1 attack every 40 seconds.

I’ll preface what I’m about to share by saying that if someone has enough knowledge and the desire to hack an account, they’ll probably crack it eventually.

To help protect our online accounts, we need to use the tools provided by the platform owners at a minimum, otherwise, we’re leaving our data (and our subscribers’/clients’ data) exposed unnecessarily.

Most platform providers these days will offer a form of enhanced security, normally via something called “Multi-Factor Authentication” – MFA.

As the name suggests, it gives us added security because, once set up, our accounts need ‘multiple’ forms of authenticating who we are before we are granted access; you’ve probably seen it most commonly on your banking apps, being asked to enter an ‘OTP‘ (One Time Password).

The downside to an enhanced security layer

Unfortunately, as we inconvenience the baddies by making their lives more difficult, we’re also making it more inconvenient for us to access our everyday accounts – as we need to provide more information to app challenges, and sometimes use apps or platforms that are external to the actual platform we want to login to.

Let’s take the obvious example of ConvertKit, as that’s what I’m sharing with you in this article; with a basic login setup, all you need to do is enter your email address and secure password, as shown below;

If you can provide valid data for these two challenges (i.e. email and password), you’ll be granted access to your account. Simple, right?

But the easier it is for us to log in, the easier it is to be cracked by those hackers out there looking for mischief.

Once you configure multi-factor authentication for your ConvertKit account, every time you log in you’ll be challenged for either a 6-digit code from an authenticator app (I explain these later in this article), or a 6-digit code sent to a nominated mobile device phone number via SMS, which needs to be entered into ConvertKit before you can access your account.

So, we do have a downside with MFA, but worth it for better security, IMHO.

How to set up Multi-Factor Authentication in ConvertKit

To set up multi-factor authentication in ConvertKit, you need to navigate to the ‘Settings’ menu option, at the top-right of the desktop app;

Once at the ‘Settings’ page, scroll down to the ‘Multi-Factor Authentication‘ section.

You can add one or two ways of authenticating your account, via an authenticator app (e.g. Google Authenticator), or SMS on a mobile device.

Google Authenticator

One of the most widely used authenticator apps is that of Google. Free to download and simple to use, it’s available on both the Apple and Android platforms.

Adding your ConvertKit account to the Google Authenticator app

Once you have the Google Authenticator app installed, tap to open and then tap the ‘+’ icon in the bottom-right corner of the screen.

Select the ‘Scan a QR code‘ option, and hold your phone’s camera up to capture the QR code, as presented by ConvertKit;

In the Google Authenticator app, you’ll be shown a 6-digit code for your ConvertKit account; (note, you can have multiple accounts for the same platform, so just be sure that you use the correct one, otherwise, you’ll be denied access).

In ConvertKit, click ‘Next‘ to be prompted for your 6-digit code from the Google Authenticator app;

Then click the ‘Enable Authentication‘ button, and if you entered the correct 6-digit code, you’ll have successfully enabled MFA for your account.

From now on, every time you log into ConvertKit, you’ll be asked for a 6-digit code, which is continually refreshed in the Google Authenticator app.

Adding a second authentication option (SMS via mobile)

ConvertKit also provides the option to authenticate yourself via SMS on a mobile device. It’s not mandatory, but it gives you another way of passing the MFA requirement when logging in.

You’ll see this option to enable this on the ‘Settings’ page, just below the option to enable MFA using an authenticator app.

You’ll be asked to select your country code; this is the country code to which the mobile phone number is registered, e.g. United Kingdom.

You’ll then need to supply the mobile device’s phone number – this is the number to which ConvertKit will send the SMS message.

Click the ‘Next’ button and you’ll be shown a screen that looks like this;

Now check your mobile device for your SMS message containing your 6-digit verification code – it’ll look like this;

Enter your 6-digit code and click the ‘Enable Authentication‘ button.

Once set up, you’ll see an option to ‘Use SMS instead‘; the screenshot below shows the ‘SMS’ option link at the bottom left-hand corner;

As an added measure of security, you also need to enter a 6-digit code if you ever want to disable MFA in ConvertKit.

Summary

To better secure your data (and your subscribers’) in ConvertKit, switch on Multi-Factor Authentication (MFA).

There are 2 ways in which you can authenticate your credentials; via an authenticator app or SMS messaging.

The most common authenticator app is Google’s Authenticator which is available for free on both Apple and Android platforms.

Once enabled, every time you log into ConvertKit, you’ll be asked to authenticate using a unique 6-digit code.

If you haven’t yet joined ConvertKit, here’s the link to get your free account, including a 14-day free trial of all premium features: convertkit.com