What Is Two Factor Authentication and What Does It Mean?
Doug Smith
Senior Director of Content @ List Perfectly | Content Marketing | Podcast Production | AI Content Development | Social Media | ex eBay
You have more usernames and passwords than you can manage. How else would you log in to email, social media, work accounts, and cloud accounts? Security is always an issue, and we want to keep our data safe. Usernames and passwords are not enough anymore, and most of us have had to change a password at one time or another from fear of hacking, or even had an account hacked. If you haven't been hacked or had to change a password in today's world, consider yourself lucky. As an attorney, data is one of your most important assets. You need to protect that data.
We’re a mobile society, and your company needs to be mobile. You’re not always going to be sitting at your desk at your firm in the relative security of your desktop computer and office. You need to be able to log in to your VPN or webmail to access sensitive client information from home, on the road, or the courthouse.
Across all industries, we’re hearing more and more about this term “two-factor authentication,” or 2FA. At this point, you've probably had to log in somewhere or to something using 2FA, whether you realized it at the time or not. Basically, 2FA is logging in to something with more than just a username and a password. If someone has your username and password, they can access your account. Even strong passwords can be broken, and even popular tools like LastPass that help with strong passwords can be hacked.
So, 2FA takes logging in a step further and makes it a bit more secure, asking for more than just a username and a password. Matt Cutts of Google explains it like this: 2FA is something you know plus something you have. So the something you know is often a password, and the something you have is often something like your phone. For example, you'll enter a password, and then a code will be sent to your phone via a text message. Once you enter the code, you'll be able to enter your account. Sounds familiar, right? I most recently went through the process when setting up my Roku.
If 2FA still sounds new to you, think of it this way: surely in the “olden days” you used a credit card or an ATM card and entered a PIN or zip code to verify. The card is something you have, and the PIN or zip is something you know, so it was a basic, early form of 2FA.
Critics say that 2FA adds extra steps to log-ins and setting up accounts, depending on how a site implements the process. Sure, it's a little extra hassle, but isn't the extra security worth a little hassle and time for your firm and clients?
You can't use 2FA everywhere, but there are a number of common sites that currently offer 2FA as an option. For a comprehensive list, check out twofactorauth.org.
Google and Gmail require 2FA when you log in from a new device, requiring that a six-digit verification code be sent to your phone. Yahoo Mail does the same.
Some of your social media accounts use 2FA as well, including Facebook, Twitter, and LinkedIn. Common cloud services like Dropbox and Evernote use 2FA, as do Steam, Amazon, PayPal, and more.
Most sites that use 2FA will allow you to enable it for your account, and you should do so. Sure, it's another step, but how many times have we heard of accounts being hacked whether it be online shopping accounts, email accounts, government and military accounts, and so many more?
With our mobile society and world of tablets and smartphones, it's so easy to log in and manage all of our accounts. Isn't a little more security worth a little more effort and hassle, and maybe just one more step to log in?
Retired
9y https://www.v3.co.uk/v3-uk/news/2416162/mastercard-is-still-planning-selfie-photograph-payments It can be easy, but it is a process to add the layers and preserve a great customer experience.
Self-directed, growth-focused senior executive with global experience in Strategy, Operations, Sales, and General Management within FinTech space; repeated success achieving revenue growth and organizational excellence.
9y Have a look at Entersekt (www.entersekt.com) for a really neat 2FA solution using your mobile as the out-of-band 2nd factor. The best of both worlds: very secure using standard PKI technology, yet extremely user-friendly.
Manager in Cyber Knowledge Institute
9y I'm an upholder of 2FA. But it has to be user-friendly as well. Or the user will choose the easiest course, not to use 2FA. 2FA is great if there is multiple level security needed.
Founder & CEO @ SHIELD | Enabling Trust for the World
9y Yes, 2FA can be a form of strong authentication but only when used appropriately. However, the trend is shifting towards making online businesses require 2FA for every transaction buyers make, forgetting in the first place their goal is to keep it simple for buyers. 2FA should be used selectively and only as a last resort, as a strong authentication for very suspicious transactions. Trust me, as a consumer I will buy from a web store that keeps life simple for me. I do not really look forward to a future where I have to wait for a 6 digit pin to be sent to my mobile before I can enter my house (with the complication when my phone runs out of battery). There has to be an optimal balance between security and convenience and neither should be looked upon as much more important than the other.