In this hack-a-day world, passwords are still the top target for data thieves. Want to reduce your own risk of attack? A tool called two-factor authentication, or 2FA, offers a way to create a second roadblock between your data and that identity thief. More and more companies are taking steps to implement this security measure.
Apple recently increased passcode security on its devices. After last year’s infamous celebrity hack that compromised iCloud accounts, the company launched a new iOS [1] for mobile devices that increases the minimum length for passcodes. It also allows users to enable 2FA whenever logging in from an unrecognized device.
Don’t confuse 2FA with security questions like “Name of your first pet?” or “Mother’s maiden name?” Those questions are notoriously easy to guess with a little digging into your identity. 2FA instead relies on a one-time access code that the business generates and then sends to you to complete the log-in process.
There are numerous approaches to 2FA. Some send a text message with a one-time code needed to complete your log-in. You could also opt for a phone message or an email. In some instances, it’s a hardware token. In all situations, the hacker needs this second bit of info to compromise your account. That extra step thwarts many intrusion efforts.
Think of it as an extra layer of security when you need it most. The additional step to confirm your identity can protect all sorts of accounts, yet many industries have not yet embraced the concept.
Two Factor Auth [2] is a non-profit company that tracks 2FA progress. The organization’s website prompts you to scan their lists to see if your bank, social media sites, or utility company offers 2FA. If not, there’s a way to send that business a communication urging them to include this feature.
The concept of a two-step process is so simple that you might be surprised to learn that American Express, Fifth Third Bank, US Bank and Navy Federal Credit Union haven’t embraced the concept. According to charts produced by Two Factor Auth, over half the major banks in the US have yet to offer 2FA.
The utility industry, including cell phone carriers and cable TV companies, is even worse. Not a single utility checked by the group is currently offering 2FA.
To some, 2FA sounds like a lot of extra effort. If you have an ATM card, you’ve already used 2FA to get cash or make deposits. It’s the ‘something you have and something you know’ concept of identity confirmation. You have the card and you know the PIN.
No system is foolproof and that’s also true of 2FA. If a hacker has access to your smartphone, he could grab your one-time code and invade your account. If you use an Android phone that is susceptible to malware, your SMS text could be intercepted [3]. Still, 2FA is far more secure than 1FA.
The first step is determining which accounts you wish to secure more fully. Do you care if someone hacks into your Facebook page? Maybe. Do you care if your financial investment account is compromised? Absolutely. Want to keep your Gmail files away from that creepy old girlfriend? Most definitely.
The sensitivity of the account may influence your 2FA decisions, but make no mistake, all your accounts are vulnerable. Recently Per Thorsheim, a Norwegian security and password expert, summed up the problem this way in a tweet [4]: “Everybody is vulnerable. There. I just concluded my audit of the Internet. Now learn how to accept & manage risk.”
Reach out to your financial institution or email provider if they don’t have 2FA implemented. Until a new method comes along to negate the need, widespread 2FA adoption is necessary to help protect your identity. The additional seconds you spend using 2FA are nothing when compared to the time you could spend recovering from identity theft or financial fraud.