OSB Professional Liability Fund

Safeguard Data with Two-Factor Authentication

May 5, 2017
by Sheila Blackford

Two-factor authentication is becoming one of the most important methods for safeguarding data. You’ve been using it for years without thinking twice about it. Every time you use your ATM card together with your ATM password, you are using two-factor authentication to access your bank account at the ATM machine.
 
Think of two-factor authentication (2FA) as an added step to your basic login procedure. Username with password is single-factor authentication. Two-factor authentication requires you to have two out of three types of credentials to access an account:

  1. Something you know, such as your password or PIN number (personal identification number).
  2. Something you have, such as your phone, your ATM card, or a special key fob.
  3. Something you are, such as your fingerprint or a retinal scan.
 Using two-factor authentication isn’t foolproof, but it is more secure than single-factor authentication because hackers are looking for easy access. They are trying to pick the low-hanging fruit: targeting those individuals who use insecure passwords.
 
Biometrics may become a great way to solve the insecurities present during the “account recovery” process. When you request that your current password be reset, the company emails you a temporary password so you can log in and change your password. The insecurity arises when your email address login has been compromised. The hacker can then log into your computer and retrieve the temporary password, which the hacker then uses to access the other site and lock you out. Biometrics can help solve the “account recovery” problem by enabling you to have one form of two-factor authentication for login and a different form of two-factor authentication for gaining “account recovery.”
 
You can now use two-factor authentication on various sites, such as Apple, Facebook, Google, LinkedIn, Microsoft, and Twitter. Google has its own Google Authenticator app that generates a new security code, which is texted to your phone. You need to key the security code into the Google site when prompted to log into your account. Check the websites where you typically use a password and username for login access. You will usually find easy setup instructions under “Account Management, Security Settings.” One of the options listed will be “Two-step verification for sign in.” Then simply follow the instructions.
 
It really isn’t that hard to be safer!