For the better part of a year now, Ripplers have been urging our clients and friends to consider using two-factor authentication for things like their Google accounts, password managers and social media sites. Evernote, LinkedIn and Twitter just joined the two-factor party, and Facebook has had some form of it since 2011.
But a staggering number of computer users still don’t know what the term “two-factor authentication” means. Maybe you’re one of them. That’s why we’re gonna be blogging about authentication methods over the next week or so. Too many people are relying on a single password to keep their data and identity safe. And single-factor authentication (SFA), also called one-factor authentication, just doesn’t cut it anymore. Here’s why:
- SFA security relies on the diligence of the user to take additional precautions — for example, creating strong passwords and ensuring that no one has access to them. Trouble is, unless they’re using a password manager, people tend to reuse the same password across multiple sites. That’s a definite no-no in terms of security, particularly if you’re using the same password for both your email and something like your online bank account. If one gets compromised, the dominoes begin to fall.
- Yes, sites get hacked and passwords get leaked. It doesn’t happen all that often, but it does happen. Without an additional factor to authenticate your identity, all the hacker needs is your password to start running amok with your account on whatever site has been compromised. Hope it’s not a site that stores your credit card info, address or other super personal stuff. Otherwise, you might have some charges to dispute.
- Oftentimes, so that a user can remember their password, they make it a fairly simple one. What’s wrong with that? Well, the more simple the password, the easier it is to guess or crack. Guessing is when someone figures out your password, either because they know you personally or because they know certain things about you (like your birthdate, anniversary, or pet’s name). Cracking is when a bot generates the right combination of letters and numbers to match that too-simple, secret code. In either case, it’s gonna be a mess to try and recover your account(s) if they change your password once they’re in, and again you might have to make some calls explaining that you didn’t order any parts for a 1933 Fuller Dymaxion.
So, yeah. Single-factor authentication is quickly becoming the AOL of security measures. It was great for the time, but at this point it’s looking pretty outdated and ugly. And with a growing number of sites and apps offering two-factor and multi-factor authentication, the time to get familiar with these new measures is now.
Understanding Two-Factor Authentication