This information may include the schools in which they attend or have graduated, pet names, favorite music or places to eat, and even nicknames they may use with their friends.
But according to the FBI, many malicious agents could use this information to retrieve passwords to accounts or take control of them.
The FBI also recommends that you always enable two-factor authentication (2FA) or multi-factor authentication (MFA), where possible.
The same was stated last year by the Microsoft and Google, explaining that MFAs are the way to go if you don't want your email profiles to be compromised after an attack. As reported, a user's account is more than 99,9% less likely to be compromised if using MFA.
Google Reported also in a report that “simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks and 66% of targeted attacks.
Although in general MFA can protect you at 99,9% attacks Targeting your online accounts, the FBI has discovered that there are agencies that can bypass multi-factor authentication through social engineering and technical attacks.
The agency shared several examples of how malicious agents managed to bypass MFA between 2016 and 2019, including vulnerabilities in applications handling MFA, SIM swapping attacks and a 2FA circumcision tool kit consisting of NecroBrowser and Muraena tools.
However, its use is still very important for your safety.