Passwords suck.

And not just because there are too many of them and they’re too hard to remember (see Leigh’s article on password managers for more on that subject). They really suck because they’re not very good at their jobs!

You’ve heard it said that with enough time an infinite number of monkeys sitting at an infinite number of keyboards could eventually type the complete works of Shakespeare just by chance, right?

Okay, now imagine those monkeys are trying to type your password … and that those monkeys are actually a computer program that can attempt over a dozen variations per second. The complete works of Shakespeare contain a total of about 885,000 words. Your password is what, 8 characters? Maybe 12?

Like I said, passwords suck.

Basically, there’s no such thing as an unhackable password. If someone wants to get into your account badly enough, they will probably find a way in. So, what do you do – just give up? Stop using the Internet?

That’s not a realistic option these days, but what you can do is give yourself another layer of protection.

Welcome to the world of two-factor authentication, which adds a second step to the login process. First a user logs in with something they know – like a username and password – and then they log in with something they have – like their phone.

You may have seen this process already, maybe on the website for your bank or credit card company. After setting up your phone as your second factor, you enter your username and password on the site, then the site sends a code to your phone that you enter on the site to complete the login process. Initial setup may take a couple of minutes, but it only adds a few seconds to the login process.

Depending on how a site is configured, you may be able to receive your code in various ways. You could receive it in a text message, or in a smartphone app, or a computer could call you and read it out to you. You could even have a little gadget on your keychain that generates codes for you on the fly. No matter how you get the code, you’re decreasing the chances of unauthorized logins by increasing the chances that only you can log into your own account.

Many of your favorite websites already offer two-factor authentication. Just head into your account settings and look under the security options.

The Tactile Group has built two-factor authentication into websites for a number of our clients. During the discovery phase we talk about their user community to learn what might work best for them. After all, not everyone has a smartphone or an unlimited cell phone plan, so you need to be careful not to create unintended barriers to access by making the wrong assumptions during design and development.

Is two-factor authentication a perfect security solution that’s going to change the world we live in and life in general? No, of course not. It’s susceptible to social engineering scams like phishing, which tricks users into revealing their credentials. And it doesn’t work if someone steals your phone or hijacks your phone number. It can also be a royal pain if you don’t have your phone on you when you need to log in somewhere.

But it helps. Two-factor authentication adds another layer of protection that hackers must work through, which can give users an added sense of security about their online accounts. And since it only adds a few seconds to the user experience, it’s time well spent to get a little extra security in today’s online world.


StaySafeOnline.Org