Two Factor Authentication – Why Your Password Just Won’t Do Anymore


BY KEVIN SCHAEFER
Contributing Writer

We all know that we are supposed to use “good” passwords for our accounts. This usually means that the password must contain at least 8 characters, and have a mix of uppercase and lowercase letters, numbers, and symbols. On top of that, most organizations including McKendree University, require that you change your password every so often, such as every 90 days, or 150 days. Of course that can be a real pain to come up with a strong password, and memorize (i.e., not write it down), every 90 days for every single account you have–email accounts, Facebook, online banking, etc…

If you are like most people, you probably have one or maybe two passwords that you use for everything. According to a 2011 article in PC Magazine, 77% of users use the same password for Facebook as they do for an email account.

usernameBut what would happen if one of your accounts did in fact get hacked? They would have all of your contacts’ contact information, and could send emails from your account. They could also read private emails and get other sensitive information from your account.

In order to understand how hackers break into people’s accounts, it is important to know what authentication is. Usually when you sign into an online service, you provide something you know: username and a password. This system is decent, and has been in use since the dawn of the Internet, but it relies on information you need to remember. Unfortunately, anybody can know your username or password for any given account, especially if they know where you write your passwords down. Hackers can also guess your password, or use another means to access the account.

Luckily, in today’s sophisticated world, there is a more reliable method of securing your online accounts: two factor authentication. Primarily, two factor authentication relies on something you know (i.e., your username and password) and something you have (a special code generated specifically to be used once). On a side note, it can also rely on something you are (i.e., a fingerprint). Two factor authentication is simple: you provide your username and password, and then you receive a text message to your phone containing a special one-time use code. You then use this code to log in. Once a code has been used, it cannot be used again. Also, these codes will typically only work for 30 or 60 seconds. These codes can also be generated by a special authenticator app which you can install on your phone. The advantage of two factor authentication is that if somebody was able to figure out your password, they would still not be able to get into your account because they would not have access to the one-time use access code. The only way that somebody could get into your account was if they had your phone and knew your password and username.

Today, Google, Microsoft, Apple, Dropbox, and other companies offer two-factor authentication as an option to users. It is usually pretty simple to set up, regardless of which company you are setting it up with. Most companies who offer two-factor authentication also allow you to designate a computer as “trusted,” which means that you won’t be required to enter a code in order to log in. In the case of email, you can still utilize email clients, such as the mail app on your phone by providing a special “app password.”

In the end, all of this is designed to prevent unauthorized access to your data, and you should seriously think about using two factor authentication if you don’t already. It significantly decreases the probability of somebody getting into your account without your permission. If you have had an email account get broken into by somebody else before, this should be very appealing to you; if you have not had (or don’t think you have had) an email account get broken into, you should still consider this security measure because you may regret not taking this simple measure to protect yourself. If you think you are somehow impervious to being hacked, many large companies with very sophisticated security measures (Google, Sony, Apple, etc…) have all suffered breaches of security. There are some nasty people on the Internet, don’t let them take advantage of you!