Jason Ogaard: Advice for online 2 factor authentication
A lot of my life exists in the digital world. My pictures are on Facebook and flickr and many other cloud services. My communication happens mainly via email or some type of instant messaging. I do my banking online, pay my bills online, watch TV online. The Internet is a pervasive entity in our lives today.
This means that we all have several accounts, at least one for each service. Because humans are not computers we have a hard time remembering many different passwords. I don’t know about all of you, but I’ve been guilty of reusing most of the same password for many different accounts. To make things even less secure my email address is my username most of the time. What would happen if someone were to get a hold of my email address and password? They’d likely be able to gain access to my Amazon account, my eBay account, my social media accounts and worst of all my online bank accounts.
Sites that contain a lot of user information are compromised often enough that, if you use your email address and the same password everywhere, your account could be compromised. Even strong passwords (that a person can remember) can be cracked given enough time and processing power.
To help boost security for user accounts, some corporations have enabled two-factor authentication. An online account with two-factor authentication enabled is much more difficult to compromise. Two-factor authentication requires at least two different types of authentication. The most common combination is something that you know and something that you have. Something that you know is the password for the account. Something that you have is almost always access to the phone number that is linked to the account.
The process is this: you enter your username and password for the account. The service then sends a text message to the phone number linked to the account. This text message contains a code, which you then enter to gain full access to the account.
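The text-message step described above, seen from the service's side, as an added example that is not part of the original column. The five-minute lifetime, the three-attempt limit and the `send_sms` callable are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3         # assumed: wrong guesses allowed per code


class SmsSecondFactor:
    """Second login step; runs only after the password check has succeeded."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical callable(phone, text)
        self._clock = clock         # injectable so expiry can be tested
        self._pending = {}          # username -> [code, expires_at, attempts_left]

    def start(self, username, phone):
        # secrets (not random) so the next code cannot be predicted
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[username] = [code, expires_at, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login code is {code}")

    def finish(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False            # no code outstanding for this user
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False            # expired or locked out: start over
        entry[2] = attempts_left - 1
        # constant-time comparison avoids leaking how many digits matched
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[username]   # a code works exactly once
            return True
        if entry[2] == 0:
            del self._pending[username]   # too many wrong guesses
        return False
```

The attempt limit matters because a six-digit code has only a million possible values; without it, the second factor could simply be guessed.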
Many banks, as well as Google and Facebook, offer two-factor authentication as an option.
There’s a saying in computer security. That saying is: attacks will never get worse. Today we use different encryption algorithms than we did ten years ago. Your phone is a better computer than the computer you had ten years ago. Advances in hardware enable the cracking of some of these older encryption algorithms by trying every possible combination.
Another issue is that encryption algorithms often have a weakness; eventually that weakness is found and exploited. If you have enough online accounts, there is a nontrivial chance that a database with your username and password will become compromised.
I suggest everyone utilize two-factor authentication for at least their primary email address. Your email address is the nexus of your online life. If nefarious people were to get access to your email account, they can go to your other accounts and tell them that you forgot your password. Those services will then send you an email that allows you to change your password. These nefarious people have now easily changed the passwords for your other accounts. Don’t let that happen to you.
— Jason Ogaard was born in Bemidji and is a software engineer for FICO, a Minneapolis-based public company providing analytics and decision-making services, including credit scoring credit bureaus.