This post is courtesy of Correct Field Technician Derek Tse

So you changed all your accounts’ passwords to have more than 10 characters, with numbers and special characters. You ensured that these passwords didn’t include your family details, birth date or pet names, and that you were using passphrases. You also ensured that you did not write those passwords down and, if you did, you shredded the piece of paper, set it alight and made sure you put all the ashes into the dog’s dinner.

You would think that this would secure your account, right?

In recent times, numerous account login credentials have been compromised by hackers finding ways to obtain your details regardless of how strong your password was. All of our social networking sites have been compromised at one point in time. Even government accounts are not immune from compromise: take the Australian Tax Office Twitter account, which was compromised in late 2013.

What can you do to secure your account if passwords are not enough?


This is where multi-factor authentication comes in. Multi-factor authentication means using two or more ‘trusted’ factors from the list below:

· Something only the user knows (e.g., password, PIN, pattern)

· Something only the user has (e.g., ATM card, smart card, mobile phone)

· Something only the user is (e.g., biometric characteristic, such as a fingerprint)

How does this technology help to make security better?

The best example is how you withdraw money from the ATM.

When you visit an ATM, one trusted factor is the bank card that you slide into the machine (“something the user has”). The second trusted factor is the PIN that you enter through the keypad (“something the user knows”). Without both of these factors, you would not be able to access your bank account.

Online accounts such as Google, Microsoft, Facebook and Twitter, to name a few, have an option in their security settings to enable multi-factor authentication via SMS, Google Authenticator or a third-party provider like YubiKey.

Great, now where do I start?


Check your account’s security settings and see if there is an option to enable two-factor authentication. The majority of online accounts will use SMS to send you a 1-time code to complete the login, or they may have a mobile app you can install which cycles through 1-time codes at a fixed time interval.

Once enabled, every time you log into your account you will see an extra screen asking for the 1-time code. Your account is now secured even if your password is compromised.

Is there any downside of using multi-factor authentication?

As with any implementation, there will be pros and cons. Here are some cons you will need to think about:

· Can be tedious to always do this at every single login.

· Can be time consuming if using more than two trusted factors.

· If your trusted factor is lost/stolen, it will be harder to log in or you may not be able to log in until you get a replacement trusted factor.

· Each trusted factor must be unique: no duplicate factors for a single account.

In Summary

Multi-factor authentication is a great way to lock down your accounts even if your account’s password is compromised, but you will need to weigh up the extra security hoops that you will need to jump through to access your account each time.