Two-Factor authentication, or 2FA, is a small step that will go a long way in protecting your online accounts. 2FA will provide a second layer of protection to your information and should be used whenever possible at home and work.

When a user enables 2FA, they are required to have two types of credentials to login. These credentials could be something you have memorized (such as a PIN number or password), a physical credential (like an ATM card, fob, or cell phone number), or a physical identification (for example, a finger print).

Why Using Two-Factor Authentication is Important

An easily guessed password (something like “P@ssword1” or even your dog’s name) is the simplest way for an intruder to gain access to your account without your knowledge. Even if you have a complex password, hackers have ways of finding out personal information about you in order to crack security questions and re-set your password. Some hackers even have the power and equipment to steal your account by simply continually guessing at your password until they get it right. 2FA serves as a method to add an extra layer of protection to your account and lower these risks. And with all the ways to add a second verification, it is a cheap and easy solution to a major security problem.

PIV Cards

One way to employ 2FA is by using a PIV (personal identifiable verification) card. These “smart” cards must be inserted into your computer when you are trying to access protected information. Each card is accompanied by a PIN number, something only the cardholder should know. This number must also be entered while the card is in the computer to gain access. PIV cards are useful security tools because even if a malicious user were to find out the holder’s PIN number, they would still need the card to access the information and vice versa.

One Time Password Tokens

One Time Password Tokens are another 2FA tool. When attempting to access a protected system or resource, the user is asked for not only their PIN number or password, but also a unique series of numbers displayed on a small key fob assigned to them. The numbers on the fob keep changing, so even if a thief were to learn what the code was for one login, it would change as soon as they tried to access the resource again.

Two-Factor Authentication on Public Sites

As you probably are aware, public websites such as online banking, social media accounts, or e-mail don’t require or expect you to have PIV cards or password tokens in order to log in. Generally, most of them are single-factor authentication by default (meaning you only have to enter a username and password). But that doesn’t necessarily mean that you can’t protect your accounts using 2FA.

More sites than you may expect have options to enable 2FA including most major public e-mail providers (Google, Yahoo, Apple) as well as sites like LinkedIn, Twitter, Dropbox, Tumblr, Office 365, and Snapchat. Google, specifically has an app called “Authenticator” you can download to your phone that serves as a kind of mobile one time password token.

Using 2FA for these public sites is not quite as sophisticated as using PIV cards or one time password tokens, but for these less sensitive accounts it can still be effective. Most sites will send a verification code to either your e-mail address or your phone. These e-mails or text messages contain either short verification codes you must enter back on your login page, or links that will automatically verify you when clicked.

From a corporate or personal standpoint, two-factor authentication should be used whenever possible because it decreases the chance of someone taking over your account without your consent or even knowledge. Adding an extra step to your login process may seem to be a nuisance (minor to some, major to others), but the security of your systems and accounts is never something that should be taken lightly.

Carson & SAINT and Cyber Security 

Our motto is finding what matters and controlling what counts. Don’t sacrifice your security for convenience. Carson Inc. has been helping its customers fight the battle against cyber threats for more than 22 years. Our team consists of Information Assurance (IA) experts with advanced degrees and technical certifications, including CISSP, CISA, LPT, GWASP, and ISO 27001. Our staff has in-depth knowledge of IT security statutory and regulatory guidance.