Two Factor Authentication

Since last summer, when a well-known, sophisticated web meister, Mat Honan, was hacked and his whole web identity trashed, I have been taking steps to improve my own online security.

What Is Two Factor Authentication?

When you walk up to an ATM machine you conduct a two factor authentication before you make a transaction. You must physically have the card (factor one) and insert it in the machine, and then you have to know the pass code (factor two). This combination makes it very unlikely that the person performing the transaction is not you.

On the web, the typical security system of user names and passwords is very leaky because these identifiers are so easily “guessed” by computers programmed to break into your accounts. Even the addition of so-called security questions (“What is your maternal grandmother’s first name?”) helps little, because the answers are readily discoverable through search and social spoofing.

In web-based two factor authentication a “token” – usually a 6 to 8 digit number – is required in addition to the user name and password combination to gain access to one of your accounts. When you enter the correct user name-password combination, a token, good only for 10 to 15 seconds, is sent to your phone or other digital device. You then enter this token and you gain admittance to your account.
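For readers who want to see the mechanics, here is an added example (not part of the original post, and not Authy's code) of how a short-lived numeric token can be generated and checked. It assumes the open TOTP standard (RFC 6238), which authenticator apps commonly use; the `TokenVerifier` class, the secret, and the 30-second period are illustrative choices.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def totp(secret: bytes, at: float, digits: int = 6, period: int = 30) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1 variant)."""
    counter = int(at) // period                    # index of the current time step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Hypothetical server-side check: token must match, be current, and be unused."""

    def __init__(self, secret: bytes, digits: int = 6, period: int = 30, drift: int = 0):
        self.secret, self.digits, self.period = secret, digits, period
        self.drift = drift                         # extra time steps tolerated for clock skew
        self.last_step = -1                        # newest time step already accepted

    def verify(self, token: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        step = int(now) // self.period
        for s in range(max(0, step - self.drift), step + self.drift + 1):
            expected = totp(self.secret, s * self.period, self.digits, self.period)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), token.encode()):
                if s > self.last_step:             # a token is accepted only once
                    self.last_step = s
                    return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"            # constructed sample, not a real key
    verifier = TokenVerifier(secret)
    token = totp(secret, time.time())
    print("token:", token)
    print("first use accepted:", verifier.verify(token))
    print("replay accepted:", verifier.verify(token))
```

The phone and the server share the secret once at enrollment; after that each side computes the same token from the current time, so a stolen password alone is not enough to log in.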

How Does It Work for Me?

Recently, stimulated by a client request, I set up a two factor authorization system for several WordPress sites using Authy. I can receive my tokens via SMS or an iPhone app. Since I almost always have my phone close at hand, it turns out to be an extremely quick process to fill in my user name and password and then turn to my phone for the token.

This proved to be such a slick process that I have now added two factor authentication to my Apple and Google accounts. For the latter, once I authenticate a device I have the choice to turn off the two factor process for Google accounts on that machine.

If you are concerned about your online security, try out these tools. I am now writing to my financial institutions asking them when they will begin to offer two factor authentication.