Two-factor authentication

If you are not already familiar with the term, you will get to know it soon enough. Two-factor authentication is coming to a cell phone near you. It is likely to be followed by three-factor authentication as soon as the technology becomes readily available. What is two-factor authentication? It is another tool in our endless fight to protect your identification from getting stolen by bad guys.

There are three ways that you can prove you are really you when authorizing a purchase or other transaction. Some prearranged token is given by you to the person seeking confirmation of your identity and if that token checks out then the person delivers the good or service for payment on your behalf. These tokens fall in one of three categories: something you know, something you have, something you are.

The easiest one of these, and the one we are the most familiar with, is something you know: passwords, PINs, security questions and the like. However, something has failed us either because of the Post-it note with our password on it that we stick to the computer monitor or the fact that an astonishing number of people use “monkey123” as a password.

Another reason might be that password-cracking programs can try about five thousand words a minute. Worst of all is that companies will allow you to answer a silly question like “what is your mother’s maiden name” when you forgot your password. Too much information is lost based on one factor of something you know.

The second type of authentication is something you have. This might be the cell phone you carry or a special thumb sized security code generator. Before a transaction can take place you might be asked to type in a text that was sent to your phone or the current six digit sequence in your security code generator. Google and Windows phones already have an authenticator app. They provide a secret number with a special timer that generates the same number on both ends of the transaction. This type of authentication has weaknesses as well. You might not have your device with you when you need it or a bad guy might have stolen one of these devices.

A third way to authenticate yourself is by presenting something you are. You might provide your fingerprint, retina scan, palm print or even body odor. For this to work you have to have a device that can actually accept one of these forms of biometric identification. So far only a few smart phones can take a fingerprint and none of them can do the others.

None of these forms are perfect, but a combination of any two of them provides very good identification. Two-factor authentication is becoming the standard for financial and other important transactions. If you haven’t seen already it, you will begin to notice institutions asking you to sign up for it in addition to your password. If your bank or other places that you shop allow two-factor authentication, I encourage you to take advantage of it.

Suggestion of the week: check with your bank to see if they offer two-factor identification.

If you have any feedback about this column, suggestions about a topic you would like me to discuss or want me to present a free identity theft seminar at your church or social club, please email me at JimEastinLS@gmail.com.

Share the joy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
%d bloggers like this: