A new, more secure way of logging in to your favourite sites involves more than just your password. Two-factor Authentication, Multi-factor Authentication or Two-step Verification is a simple idea that uses two different means of verifying your identity when you log in to your favourite sites. Matt Cutts of Google’s Webspam team told LifeHacker: “it requires both “something you know” (like a password) and “something you have” (like your phone).”
Many of us have already experienced the two-step authentication process when changing passwords on popular sites such as PayPal or eBay. These sites will often send you an SMS code before allowing you to change your password or other personal details. Now, you’re able to use this method to make your regular logins more secure, too.
Two-factor authentication has garnered much support within the security community. Such was his trust in the method that Christopher Mims, Technology Writer with the Wall Street Journal, publicly published his Twitter password to prove that two-factor authentication was secure enough to withstand thousands of attacks to his account.
The result? “Even when I exposed my password in as public a fashion as possible, my account remained secure” he wrote in the aftermath of the experiment.
While there are many ways to get that all-important ‘second factor’, for example: using special hardware ‘keys’, supplying your credit card digits or even using a smartphone app, one of the most common methods is via a PIN code sent by SMS to your phone, which you will need to type in to gain access to your account.
While perhaps taking a little longer than password-only logins, the time spent is well worth it: two-factor authentication provides an extra layer of security compared to a single password by requiring users to have access to two separate means of identification. Enabling two-factor authentication is simple, with most major sites now offering the feature. Among these sites are Facebook, Google, Twitter, Dropbox, Microsoft and Apple iCloud; this means you can secure your main social and cloud accounts with minimal effort. (You can use the links above to visit each of these services’ pages for enabling two-factor authentication.)
However, two-factor authentication is not ideal for everyone. The additional step can be cumbersome, and extra time and hassle spent logging in might cause you eventually to disable it.
If you are committed to the method, you will be rewarded with enhanced security. Though strong passwords are always necessary, an additional authentication step will help protect your account if your password ever becomes breached.
The Bottom Line:
The following points are important when considering whether two-factor identification is right for you or your business.
- Much more secure than regular password protection.
- Highly effective at deterring would-be account invaders.
- Extra time and hassle to log in may cause users to eventually disable the feature.
- Can be unwieldy; you’ll generally need to have your phone or other identifier with you when logging in.