Thursday, April 7, 2016

Two Factor Authentication

The recent public discussions about the FBI, Apple, and iPhone security have caused many people to ask themselves more serious questions about privacy. Who has access to our correspondence, and what can they do with that knowledge? Along those lines, we also need to consider security. This post will not be about whether or not I side with Apple or the FBI, or my thoughts on encryption. Instead, I want to talk about something more important: securing your online accounts. And the best way to do that is two factor authentication.

What is two factor authentication? It is a system that requires you to have two pieces of information in order to log into an account. In general, it’s “something you have, and something you know.” For example, when I log into a Google Account I put in my user name and password as usual. However, if it is the first time I’m logging into my account from a computer (say at a hotel, or a friend’s house), I then get a text message sent to my phone with a six-digit number I need to enter. If someone has my user name and password, they still can’t log into my account unless they also have my cell phone and are able to unlock it as well.

Something I have: my cell phone
Something I know: my password

This is a strong means of securing a system. I've been using it for several years and it is neither time consuming nor confusing. It does, however, give me much stronger peace of mind about my accounts.
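The login flow described above (password first, then a six-digit code texted to the phone when the computer is not yet recognized), shown from the service's side as an added example; it is not code from any provider named in this post. The `SecondFactor` class, the `send_sms` callable, the five-minute code lifetime and the five-guess limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 5    # assumed: guesses allowed per issued code

class SecondFactor:
    """Second login step for one account: a six-digit code sent by text."""
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms    # hypothetical callable(code) that texts the phone
        self.clock = clock
        self.known_devices = set()  # computers that already passed the code step
        self.pending = None         # [sha256(code), expiry, attempts left]

    def start_login(self, password_ok, device_id):
        """Return 'denied', 'logged_in' or 'code_required'."""
        if not password_ok:         # something you know
            return "denied"
        if device_id in self.known_devices:
            return "logged_in"
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
        digest = hashlib.sha256(code.encode()).digest()
        self.pending = [digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(code)         # something you have
        return "code_required"

    def submit_code(self, device_id, code):
        """Check the code typed on the new computer; True means logged in."""
        if self.pending is None:
            return False
        digest, expiry, attempts = self.pending
        if self.clock() > expiry or attempts <= 0:
            self.pending = None     # expired or guessed out: a new code is needed
            return False
        self.pending[2] -= 1
        guess = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(guess, digest):  # constant-time comparison
            return False
        self.pending = None         # single use
        self.known_devices.add(device_id)
        return True

if __name__ == "__main__":
    texted = []                     # constructed stand-in for the phone's inbox
    account = SecondFactor(texted.append)
    print(account.start_login(True, "hotel-pc"))       # code_required
    print(account.submit_code("hotel-pc", texted[0]))  # True
```

The expiry, the guess limit and the single-use reset are what keep a six-digit code from being guessed or replayed by someone who already has the password.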

Many businesses use two factor authentication, especially in the world of national defense. Employees are issued access cards and a PIN. It's not good enough to just know the PIN without also having the card. Some other businesses use a rotating access number and give you a hardware fob (often like a key chain); others may send an email to confirm you are who you say you are.

Many common email providers now offer two factor authentication, including Gmail, Outlook, and Yahoo! Mail. When you consider that your email address is the means by which you reset passwords for bank and credit card accounts, your email needs to be as secure as possible.

For a more complete and updated list of providers of two factor authentication, please see this website: