Two-Factor Authentication Explained - Protecting Your Accounts With More Than Just a Password
Think about this for a moment - what does someone need to get into your email, social networking, or online banking accounts?
Surprisingly, in most cases an intruder only needs your password and/or the answers to a few secret questions, and unfortunately this information can be easily stolen from your hard drive by a keylogger or other form of spyware.
The key to keeping your accounts truly safe is not to simply use "stronger" passwords, but to utilize multi-factor authentication to protect your identity in more than one way.
Two-factor authentication (also commonly referred to as TFA) is a form of identity authentication that requires a user to verify their identity based on at least two of the following three factors:
- Something you know (i.e. - PIN, password, secret answers, etc.)
- Something you have (i.e. - mobile phone, debit card, etc.)
- Something you are - (i.e.- fingerprint, retina image, facial recognition)
Most two-factor authentication systems require the first two types of identification listed above - something you know and something you have.
The reason why this works so well to protect your accounts is because now a thief or intruder would not only have to gain access to your PIN or password, they would also need to somehow get ahold of your mobile phone or debit card as well.
The chances of something like this happening are highly unlikely, and if someone were to pull it off then you would probably be able to narrow down the suspects to someone you know personally. After all, it isn't practical for a cyber criminal to visit your house and steal your phone.
So does this mean that you should stop trying to strengthen your passwords altogether? Absolutely not, in fact it would be wise to check out our comprehensive guide on creating and managing more secure passwords. It is now more important than ever to keep all of your login credentials as secure as possible, as the recent heartbleed bug compromised an estimated two thirds of the internet, including a massive amount of Yahoo! accounts.
The worst part is, your information might already be part of a hacker's database and you might not find out until years from now, if at all. Thus, the best course of action to safegaurd yourself after such a widespread attack would be to change all of your passwords now and begin using two-factor authentication on all of your account logins. Start by securing your most valuable accounts. LifeHacker did a piece on which sites you should enable two-factor authentication on - start there.
If you'd like to do some additional reading to learn more about two-factor authentication, feel free to check out these informational resources:
http://en.wikipedia.org/wiki/Multi-factor_authentication
http://en.wikipedia.org/wiki/Two_factor_authentication
The YouTube user "ExplainingComputers" also uploaded a very helpful educational video on the subject: