Two-Factor Authentication: What You Need to Know

You may have noticed lately that more businesses have made signing in to your online account more of a hassle. Most of the time, the extra step is a one-time passcode that's sent to your phone number or email. This is an example of two-factor authentication, a method of proving your identity. Two-factor authentication is a concept in cybersecurity that tries to make it more difficult for someone else to access your personal info online. Whether you're running an online business or you're just a consumer struggling to understand why there's this extra step, here's a brief explanation of two-factor authentication and how it helps you stay secure.

What is Authentication?

In cybersecurity, authentication is the process of proving that someone is who they say they are. This is to give that person permission to carry out specific actions. If you're an average consumer, authentication is you proving to your online bank app that it's actually you, so you can manage your finances online. In the past, this was accomplished with a simple username and password combination. As hackers have gotten more sophisticated and computing power has improved, it has gotten easier for criminals to guess a simple password. For instance, the password "password" (one of the most commonly used on the internet) takes 0.19 milliseconds to crack using modern software. Even though making passwords more complex will increase the time it takes to crack them, cracking them is still possible. Hackers can also try to gain access to your recovery email and reset your password that way. If the website you're using relies on a username/password combination, anyone who knows that information can impersonate you.

The combination of a username and password is an example of single-factor authentication. In this context, a "factor" can be broken into four categories: something you know, something you are, something you have, or something you do. While you can increase the complexity of one-factor authentication, it's only so effective. As mentioned above, a criminal might be able to hack the email account you use to recover a forgotten password or gain access to a company's server that stores customer passwords. Your data could easily be included in the data breaches you hear about in the news, where online companies lose the data for millions of customers to criminals. In those cases, log into your account and change your password immediately. These cases illustrate the point that single-factor authentication is not foolproof.

Increase Your Online Security

Adding a second factor to the authentication process gives you more security because the odds are low that a criminal has access to both factors. Using your debit card to get cash at an ATM is a classic example of two-factor authentication. It requires you to both have something (the card) and know something (the PIN). That annoying one-time passcode your bank or email sends your phone is another example of two-factor authentication. It requires you to remember your password and to have your phone number. Some companies and government organizations have a token that's used for logging in. It's basically an identification card that stores digital certificates that prove you're you. They also require a PIN or password to fully authenticate.

Biometrics, the use of parts of your body (face, fingerprints, retinas, or your DNA), is single-factor authentication in the "what you are" category, and is much harder for a criminal to fake. As long as the software and hardware are properly calibrated, these methods of authentication are secure and almost impossible to fool. Even if you've never encountered them in real life, movies abound with high-tech areas that require a handprint or a retinal scan to access. While these systems can have vulnerabilities, they are much more secure than traditional passwords. As biometric recognition software and hardware become cheaper and more prevalent, expect online systems to start using them as a form of two-factor authentication.

Safety Can Be a Compromise

You may also hear the term multi-factor authentication, which is a catch-all term for anything more than one-factor. This generally refers to two-factor, though there are organizations that require even more security measures to be in place. In this case, you might be required to have some form of access card, know a unique PIN, and submit to a retinal scan to authenticate yourself. Again, each added factor makes it increasingly unlikely that a criminal can successfully fool the system. However, each additional factor adds equipment and maintenance costs, requires hiring more personnel to manage, and requires employees and customers to jump through more hoops to comply. This is a constant struggle in business: making information more available to the people who need it versus keeping that information secure. There are costs associated with each.

In the end, the level of authentication a business uses should be tailored to meet its needs. Banking and healthcare systems need to be secure because of the sensitive information they store, while something like an online publication may not need to be as secure. As a consumer, you should treat each online transaction or activity as if someone is trying to get your information, and you should take the appropriate steps to protect yourself. If it's just a password to log in, pick a complex one, or better yet, a specific phrase that only means something to you. If you are prompted to use additional factors to authenticate, be sure to use them as well. The company in control of your information is just trying its best to keep you safe.

Read 1874 times Last modified on Thursday, 04 June 2020 16:26