July 24th, 2013
Our online world today is controlled by passwords. Access to email accounts, online bank accounts and financial records, Facebook, Twitter, YouTube—I could go on and on—all of these require some type of password in order for users to access their account information.
In days past, creating and memorizing a login password was all that was necessary to ensure that your online account information remained secure. Users would choose their password (usually a significant date, name, place, or combination of these things), and more often than not would use the same password across all of their online accounts—a BIG no-no when it comes to online security! Unfortunately, online hackers and identity thieves are a bright bunch, rendering one-step password authentication processes less and less secure.
As a result, many online account providers have implemented a two-step authentication process in order to provide an additional layer of online security for users.
In its most basic form, two-step authentication requires the use of a secondary code, device, or piece of information, in addition to the traditional username and password. More specifically, two-step authentication (also called “multifactor authentication”) requires the use of two of the three following credentials:
While the last credential may be overkill for most online authentication processes outside of top-secret government systems, a combination of the first two is what comprises most two-step authentication processes today. Most of us are familiar with two-step verification in which we are sent an email or text message containing a verification code, which we must enter in order to access a new account for the first time, or when trying to access an existing account from a new device (e.g. mobile phone, tablet, or different computer). Two-step authentication can be made even more secure with the use of a physical or virtual “token”—for example, a USB device or Google’s Authenticator app—which provides randomly generated or time-sensitive codes for users to enter as the second step of the verification process.
As mentioned above, Google is a huge proponent of the two-step authentication process. Anyone who creates a new Google account, logs into their Gmail from a new device, or tries to create a YouTube playlist from a different computer will be required to enter a verification code. In May of this year, both Twitter and LinkedIn jumped aboard the two-step authentication band wagon and began offering two-step login verification as an added security option for users. Twitter in particular has been the victim of multiple hacking attacks and serious security breaches, making two-step authentication a necessary option for users of the social networking site.
The answer is simple: better security. Even if you don’t have very sensitive information on your Twitter account, for example, chances are that information related to your bank account, financial records, or other private information is floating around somewhere in your email accounts or web browsing history. If you are a person who uses the same username and password for all of your online accounts (still!?), then you definitely need to have two-step authentication enabled whenever you can. With two-step authentication, the risk of your sensitive online information being compromised is greatly reduced. As Google mentions, “Even if a password is cracked, guessed, or otherwise stolen, an attacker can’t sign in without access to the user’s verification codes.”
Luckily, most websites either have two-step verification as a standard part of their login process, or they make it easy for you to select this added security feature for your account. For Google account users, the process is as simple as signing into your Google admin interface and adjusting your security settings. LinkedIn and Twitter accounts can also be made more secure by selecting similar options from within your accounts. If you are worried about your online accounts being compromised, taking the time to enable two-step authentication is a great way to easily put up an additional layer of security between malicious hackers and your private information.
There are no comments yet.