In response to the recent theft of millions of user records from DNA genetic testing giant 23andMe, several major DNA testing and genealogy companies are taking significant steps to enhance account security. These companies, including Ancestry, MyHeritage, and 23andMe, are now requiring users to enable two-factor authentication (2FA) by default.
Two-Factor Authentication: A Security Game-Changer
Two-factor authentication is a robust security feature that adds an extra layer of protection to user accounts. When enabled, 2FA requires users to provide both their password and a second form of verification, such as a code sent to their phone or email address. This makes it significantly more difficult for hackers to gain unauthorized access to user accounts.
Ancestry Takes the Lead
Ancestry has been at the forefront of this movement, with the company sending emails to customers informing them that they will require 2FA for all users signing in to their account by the end of the year. According to Ancestry spokesperson Gina Spatafore:
"Ancestry is requiring all AncestryDNA customers who want to view their DNA matches to use multi-factor authentication to log into their account. This requirement will go into effect by the end of the year."
MyHeritage and 23andMe Follow Suit
MyHeritage has also announced that it will soon make 2FA a mandatory requirement for its DNA customers, citing the recent data theft at 23andMe as a key reason for this decision. In a blog post last week, MyHeritage stated:
"Two-factor authentication will soon become a mandatory requirement for our DNA customers. This is an important step in protecting your account and ensuring that only you have access to your DNA information."
23andMe has also taken steps to enhance security by requiring all customers to use 2FA when signing into their accounts.
The Importance of Two-Factor Authentication
With the increasing prevalence of cyberattacks and data breaches, two-factor authentication is no longer a luxury but a necessity for companies handling sensitive personal and genetic data. The recent data theft at 23andMe serves as a stark reminder of the importance of robust security measures.
Theft of Millions of User Records
In October, 23andMe announced that it was investigating a hack that resulted in the theft of millions of user records, including one million users of Jewish Ashkenazi descent and 100,000 Chinese users. The hackers accessed 23andMe user accounts by using stolen user passwords, where they tried lists of usernames and corresponding passwords that were already made public from other data breaches.
Previous Data Breaches
Genetics and genealogy companies have previously been targets of cyberattacks and data theft due to the sensitive nature of their data. In 2020, DNA analysis site GEDmatch experienced two data breaches that exposed users’ data, while in 2019, DNA testing firm Veritas Genetics was hit by a data breach that compromised customer information.
Conclusion
The recent move by Ancestry, MyHeritage, and 23andMe to require 2FA by default is a significant step towards enhancing account security. As the importance of robust security measures continues to grow, it is likely that other companies will follow suit in order to protect their users’ sensitive information.
Additional Reading
- Hacker leaks millions more 23andMe user records on cybercrime forum
- Ancestry is requiring all AncestryDNA customers who want to view their DNA matches to use multi-factor authentication to log into their account
- MyHeritage said in a blog post last week that two-factor authentication will ‘soon become a mandatory requirement for our DNA customers’
