No matter how many times we ask you to create a strong password, it just won’t happen. People have this super weird fascination with passwords like ‘password’, ‘bob’, and ‘12345.’ It’s so strange. It’s almost as if… you don’t care (gasp).
But it’s true. Most people don’t really care about the strength of their passwords. In fact, it’s almost like a race to see who can create the shortest, most basic password. Except the winner of this race gets their password cracked, a slew of phishing emails sent to them, and a nasty virus they couldn’t even destroy if they threw their computer into the fiery trenches of Mount Doom.
Can’t say we didn’t warn you.
However, today we aren’t here to school you on the fundamentals of password creation. Because we know where that’ll get us. Instead, we’re here to celebrate the many wonders of 2-factor authentication – your one saving grace, and the one feature that will allow you to still create those ridiculously simple passwords but maintain some semblance of security at the same time (cue simultaneous gasp).
What is 2-factor authentication (2FA)?
People like to describe 2-factor authentication as “what you know and what you have,” and in the simplest of terms, that’s exactly what it is. It’s a method of verification that attempts to authenticate two separate items. So, instead of being required to just enter a password to gain access to your account, you have to supply a password and one additional form of verification.
What does 2FA typically look like?
Authentication of these two separate items can be accomplished in a variety of ways. The method most people are accustomed to seeing is a password and a security question (which can potentially be called two-factor verification). However, this variation of 2FA is considered weak because it’s “what you know and what you know” as opposed to “what you know and what you have.” Also, security questions are just as easy to crack as the traditional password – if not easier. Most security questions have a very narrow set of answers that people tend to stick to. For example, “What’s your favorite football team?” Or, “What’s your maiden name?” Easy to guess and easy to find.
A more reliable and mainstream approach to 2FA would be a text or email verification. Rather than being required to answer a security question, when you attempt to log in to an account, you’ll be emailed or texted a random and unique verification code. To complete the login process, you’ll be required to enter this code.
How sophisticated is 2FA?
The most sophisticated forms of 2FA rely on biometric identifiers – eyes, fingers, and voice. But if we’ve learned anything lately, it would be that biometric identifiers really aren’t all that far-off anymore. Many of us have a fingerprint reader built directly into our phones, and you can even purchase something like a USB fingerprint reader for your laptop for less than $100.
Are there security concerns with 2FA?
There will be security concerns for anything and everything that touches the internet, and 2FA is no exception. Like we mentioned previously, hackers can guess security questions just as easily as they can a password. And some security researchers have claimed that a code texted to your phone can be intercepted through sophisticated social engineering tactics. It also wasn’t too long ago when over five million fingerprints were stolen from the Office of Personnel Management. You can change a password, but you can’t change a fingerprint.
This being said, 2FA is still significantly more secure than a password like ‘password’ will ever be, and we recommend implementing this feature wherever possible. If you’d like to see which sites and apps offer 2-factor authentication, twofactorauth.org has a list of most of the major websites that offer 2FA with step-by-step instructions on how to implement this feature.