Ask Tech Effect: What Is Two Factor Authentication?
The world of security is growing every day, and experts are constantly scrambling to find ways to protect consumers before the hackers get to them.
Passwords used to be the go-to security function, but as technology increased, it became increasingly easy for hackers to get around passwords. While passwords are still a viable security option, experts are now realizing that more security might be necessary.
After all, almost everyone who has used the Internet has made an online account, if not several. They are almost always held by a series of passwords, which people have limited to 1 or 2 passwords for convenient remembering.
Passwords are great, but there is a limit. As password mining technology has evolved, simple passwords are no longer as secure as they used to be. If we make more sophisticated passwords, it becomes harder to remember and increases the likelihood we would forget.
Enter two factor authentication, which was designed to provide multiple layers of security. Two factor authentication was built to have multiple forms of verification so that if a password was cracked or accidentally discovered, you would still be safe.
However, two factor authentication is not something that most customers want to adopt, and employees may not see a need for it. To be fair, not every institution uses it now, so it might seem pointless to invest in any two factor authentication. You might even think of it as science fiction.
While security should never be labelled as an unnecessary, it is worth taking a look at two factor authentication to see why it’s being used, how it keeps you safe and why you might want to think about using it yourself.
First, What Is Two Factor Authentication?
Two factor authentication is simply another security measure that requires another form of identification to prove it is you.
Using an online account as an example, you normally have a password which allows you to access your data. Once you enter your password, you gain access to your account.
Two factor authentication would require more than your password to access your account, so once your password is entered, you would see another message requiring more information.
Common methods now include an email code, a text to your phone containing a special code, or inputting special characters to prove you’re not a computer program/robot. More sophisticated methods include bio-identification, such as fingerprinting, or micro-chip implants.
You might have seen two factor authentication in action already. Banks are starting to implement this to safeguard financial transactions, and websites with confidential information (such as government services) are using it to ensure that you really are who you say you are.
Once you have passed the extra verification step, you get access to your account, just like before.
How Is It Safer?
The next question to ask a security expert; why is this safer than a regular password?
Two factor authentication brings an extra layer of security which is much tougher to hack. You would have to register your second authentication factor (such as your phone), but other than that, it’s implemented just like a password.
Let’s use an online bank account as an example. Before, you would only need a password to access it. However, if a hacker got a hold of that password somehow, they could then use it to enter your bank account and carry out whatever transaction they want.
But if you set up two factor authentication with your phone, the bank’s system would send a text containing a code to your phone. The system will then push the Internet browser to another window which will require the code to proceed.
Since the code was sent to the phone number you registered, and you have the phone with you, only you would know the code. A hacker could still try and guess, but it would be significantly harder for them to crack the code, as it is not always clear what characters are in the code.
That extra layer of security will be considered necessary by the system, which will work to make your security stronger and more effective.
Hackers will have greater difficulty getting past two factor authentication, because even if they have your password, they often won’t have the device needed to get past the second layer of security. It would often involve actual theft of the item, which can often be more trouble than it is worth.
This is especially true with bio-identification, since you are not likely to have someone else’s fingerprint or eye ball (at least, not under regular circumstances). The security hurdle will discourage hackers, and thus protect you.
Now, it can be argued that the hacker might also steal your device, which compromises two factor authentication, but the chances of them being able to carry out the theft of your password and the physical theft of your device is low. Low enough that it’s not a risk that should deter you from using it.
Sounds Great! Why Aren’t More People Using It?
Two factor authentication is definitely stronger than a regular password, but it comes with its own downsides. In some situations, two factor authentication can be a double-edged security sword.
First, it’s an extra step. If you use the service a lot, such as checking your bank account on a daily basis, it can be annoying to constantly have to go through the same security procedure repeatedly.
Just like how frequent flyers are often annoyed at the security measures they have to keep going through, it can be quite annoying if you know you’re the only user but you have to go through the security usage anyway.
Next, two factor authentication makes your device(s) part of the security step. That means without your devices, there is no way to complete the process.
It’s the same as locking a chest with a key, then splitting the key in two. Both parts of the key are needed to open the key, and you can’t do it with just one.
While that is the strength of two factor authentication, it is also its weakness. If you lost the device (either through unrelated theft or you left it behind somewhere), your account is effectively locked, even if you know the password.
This means in order to access your account, you would have to let the system’s owner know what happened, which can be a very time consuming process, as you would have to prove your identity.
While it would seem that, of course, there is no way you would masquerade as someone else other than yourself, you also have to understand that for security reasons, the system owner can’t think like that. They have to assume that, until proven otherwise, you are someone who might be sending a false security message in order to get the details that they want.
Two factor authentication is also not a reason to be careless with your password. Even though it is meant as an addition security measure, you still want your password to be strong so that people cannot discover it in the first place.
After all, if your password is easy to guess, the second layer of security can still be bypassed if someone has your device, or access to your device.
Is Two Factor Authentication Right For Me?
Given the benefits and downsides, it is worth thinking about whether you need it or not. While experts will definitely say you need it, it may not feel entirely necessary.
It’s worth nothing, however, that if you were never concerned about security in the first place, it is worth getting two factor authentication anyway, as you have little to lose.
If you are working with information that needs to be confidential (ie. Customer information or financial documents), definitely use two factor authentication. This is not something you want hackers to ever have access to, and the extra annoyances using it will be a preferred inconvenience compared to the theft of that information.
If your account holds information that doesn’t have much value (ie. Simple drawings of art that you’ve posted on an art site), it isn’t as necessary. After all, a hacker’s main motivation is to get something of value. Unless you are in the art business, hackers are not too concerned with your hobby drawings.
At the end of the day, it is up to you to assess the risk, but do keep in mind that as a company owner, employee or managing partner, it is your responsibility to protect yourself and the people around you.
I think every expert would agree with that.
We hope you enjoyed this article! If you liked it, share it with your friends and family, and follow us on Facebook, on Twitter @mspblueshift and on LinkedIn! Call us at 1300 501 677 for a look at your IT today!