Data breach at 23andMe prompts DNA testing industry to enable two-factor authentication by default as standard security measure.

In the wake of a massive data breach at 23andMe, DNA testing and genealogy companies are taking steps to enhance user account security by implementing two-factor authentication (2FA) as a mandatory requirement for all users.

Ancestry Leads the Charge

Ancestry is among the first companies to announce its decision to require 2FA for all customers who want to view their DNA matches. According to an email sent to customers, Ancestry will "require two-step verification" for sign-ins using a code sent to a phone or email address.

MyHeritage and 23andMe Follow Suit

MyHeritage has also announced that it will soon make 2FA a mandatory requirement for its DNA customers. In a blog post, the company cited the recent data breach at 23andMe as the reason for this decision.

Meanwhile, 23andMe has confirmed that it is requiring all customers to use a second step of verification when signing into their accounts.

The Impact on Users

The move to require 2FA by default comes after 23andMe reported a massive data breach in October. The hackers claimed to have stolen millions of user records, including sensitive information such as genetic data and personal profiles.

According to TechCrunch’s investigation, some of the stolen data was advertised on cybercrime forums as early as August. The stolen data matches known and public 23andMe user and genetic information.

A Growing Concern for Genetics and Genealogy Companies

The breach at 23andMe is just one example of a growing trend in hacking attempts against genetics and genealogy companies. In 2020, DNA analysis site GEDmatch experienced two data breaches that exposed users’ data.

In 2019, DNA testing firm Veritas Genetics was hit by a data breach that compromised customer information.

Why 2FA is Essential for User Account Security

Two-factor authentication provides an additional layer of security to prevent unauthorized access to user accounts. By requiring a second step of verification, such as entering a code sent to a phone or email address, companies can significantly reduce the risk that hacking attempts succeed.

In the case of DNA testing and genealogy companies, 2FA is particularly essential due to the sensitive nature of the data they handle.

What This Means for Users

The implementation of 2FA as a mandatory requirement will likely change the way users interact with their accounts. Customers will need to provide additional verification information when signing in, which may take some time to get used to.

However, this added layer of security is crucial to preventing unauthorized access and protecting sensitive user data.

Conclusion

The move by Ancestry, MyHeritage, and 23andMe to make 2FA mandatory for all users is a positive step towards enhancing user account security. As the genetic testing industry continues to grow, companies must prioritize user data protection to prevent further breaches and maintain trust with their customers.

Timeline of Events

  • October 2023: 23andMe reports a massive data breach, claiming that hackers stole millions of user records.
  • August 2023: TechCrunch investigates the stolen data, finding matches between known and public 23andMe user and genetic information.
  • November 2023: Ancestry announces its decision to require 2FA for all customers who want to view their DNA matches.
  • November 2023: MyHeritage confirms it will make 2FA a mandatory requirement for its DNA customers, citing the recent data breach at 23andMe.

Recommendations for Users

  1. Enable 2FA: As soon as possible, enable two-factor authentication on your account to add an extra layer of security.
  2. Monitor Your Account: Regularly check your account activity and report any suspicious behavior to the company immediately.
  3. Use Strong Passwords: Use unique and complex passwords for all accounts, and avoid using easily guessable information such as names or birthdays.
  4. Be Cautious with Public Wi-Fi: Avoid accessing sensitive information on public Wi-Fi networks, as they may be vulnerable to hacking attempts.

Frequently Asked Questions

Q: Why is 2FA necessary for DNA testing and genealogy companies?

A: DNA testing and genealogy companies handle sensitive user data, making it essential to implement additional security measures such as 2FA.

Q: What information will be required for 2FA?

A: Depending on the company’s policy, users may need to provide a code sent to their phone or email address when signing in.

Q: How will this affect my account experience?

A: The added layer of security provided by 2FA may take some time to get used to. However, it is crucial for protecting sensitive user data and preventing unauthorized access.

Additional Resources

  • Ancestry’s Statement on 2FA: Read Ancestry’s announcement regarding its decision to require 2FA.
  • MyHeritage’s Blog Post: Learn more about MyHeritage’s plan to implement 2FA as a mandatory requirement for DNA customers.
  • 23andMe’s Data Breach Report: Review the details of the data breach reported by 23andMe.