I'm a big fan of security. I appreciate a system that is set up so that I (and only I) can get to my information. However, it's a hassle to constantly remember and change passwords.
When it comes to being secure and keeping your data safe, two-factor authentication makes a lot of sense. Or does it? Let's dive deeper into what two-factor authentication is and if it's truly secure.
Two-Factor Authentication...What Is It?
When you look at the concept of two-factor authentication at a high level, it proves that a password alone isn’t enough; you’re going to need more than the name of my cat (or my other basic data) to get inside my world. If I believe any of my passwords are compromised, by requiring another authentication mechanism I've bought myself enough time to change my password and avoid a breach.
Two-Factor Authentication lives by the premise that a combination of two things is required for someone to gain access to an account.
Note: typically, this is something you know and something you possess.
The best example many people can relate to is the ATM experience. You have PIN number (something you know) and a bank card (something you possess). It is only when these items are combined that you have the ability to access your bank account. Similarly, if you travel to a website that requires 2 forms of authentication, you’ll be asked for a password and some other proof you’re you. This is an added layer of security.
Real Life Examples
Classic examples of that 2nd form of authentication include:
- Bank card
- Key FOB
- USB stick
- The 3 digit card security code on your card
As technology gets more advanced, the forms of authentication you can use become more personal.
Taking the “things you possess” a step further, bio-metrics have made it even easier to provide that 2nd form of authentication without having to remember to stuff that USB stick in your pocket every time you want to check your email. Fingerprints, retinal scanning, and voice recognition are all current forms of authentication used on everyday devices.
Layers Of Security
Not all forms of authentication are available in every situation, nor do they make sense for all possibilities. I enjoy the convenience of fingerprint reading to unlock my iPhone, but if I need to reset a password on a website, that doesn’t always work.
More and more websites are now using text messages as a form of two-factor authentication. Websites that use text messages as a form of authentication require you to register a cell phone number so that you receive a numeric code via text whenever you are attempting to access an account, change a password, or request your login information. Since you possess the smartphone and know your password to both the smartphone and your account, this method is actually providing a few extra layers of security without even trying.
Will This Protect Me?
Are you safer now that you’re using two forms of authentication? Are you immune? Can you throw caution to the wind and start keeping your password taped to the bottom of your keyboard again? No.
From skimmers at the gas station, wire taps, and even intercepted SMS text messages, no solution is guaranteed impermeable.
Two-form authentication adds extra precaution and makes unauthorized access more difficult. This is just another way to protect yourself in a data-driven world.