Ripple's Humans First IT Blog

Using Two-Factor Authentication to Secure Your Accounts

Written by Mike Landman | Jul 15, 2013

Us Ripplers have been urging our clients and friends to consider using two-factor authentication (2FA) for things like their Google accounts, password managers and social media sites. Evernote, LinkedIn and Twitter just joined the two-factor party, and Facebook has had some form of it since 2011. With 2FA becoming more popular, we decided it would be helpful to explain a bit of what it’s all about.

But before we get into the reasons why we encourage people to use two-factor authentication, let’s get one thing out of the way: No, it’s not completely impervious to hackers. Nothing is ever completely hack-proof. But Ripplers, along with a bunch of IT pros and security gurus, believe that two-factor offers a heck of a lot more protection than just going with any single-factor method. Anything that puts an extra security step between the hacker and your precious data is a good thing to adopt, and that’s just what two-factor does.

Relying on single-factor authentication is about as secure as it sounds. You type in a username and password, and... that’s it. If someone hacks your password, as happens more often than you’d expect, the damage is done. You’ll likely have a bunch of tedious and frustrating hoops to go through in order to gain access to the compromised account. If it’s your email password that’s been hacked... well, let’s just say that’s a really bad scenario. Lots of information about you and any accounts you have can be found in your inbox and sent mail. And hackers frequently use the passwords they get from websites to try and access email accounts. So, if you’re using the same password for your email as you do on any other site, change it now.

Ah, then there’s two-factor authentication. Again, you can pretty much guess at how secure it is from the name: at least twice that of single-factor. There’s a number of different types of two-factor, but the one gaining the most ground with businesses and individuals alike transforms the workstation user’s mobile phone into a token device using SMS messaging, an interactive telephone call, or via a downloadable application. Since the user now communicates over two channels, the mobile phone becomes a two-factor, two-channel authentication mechanism. Ta-da! It’s now a lot more difficult for someone to gain access to your account and data. Here’s a video on how Google’s 2FA works:

 

 

Of course, as with all new security features, attacks on two-factor authentication will increase proportionately to the number of people using it. That’s just how it goes. But along with that, 2FA will continue to improve and change to address these new threats. There are hints that we may even see a multi-factor authentication (two-factor and more) requiring voice identification. Neat. Until that time, we recommend you do your own research on the different forms of two-factor authentication offered by Google, Twitter and any other apps/sites that have jumped on the 2FA bandwagon.

And if you’re interested in learning about some heavy weight alternatives to standard two-factor authentication, then check out this article from PC Magazine which features The YubiKey among others.