Two-factor authentication – pros and cons

What is two-factor authentication?  Two-factor authentication adds an additional layer of security to transactions, both online and offline.  When you log in using a username and password, that’s considered single-factor authentication.  When you swipe your credit card and don’t have to sign, that’s also an example of single-factor authentication.

Andrew Clarke

The problem with single-factor authentication is that anyone who gains knowledge of your username and password can get into your account.  Two-factor authentication requires that an individual confirm his or her identity using two of three available methods:

- Something you know such as a PIN or password
- Something you have such as an ATM card or cell phone
- Something you are such as a fingerprint or voice print

Here are some examples of ways two-factor authentication has probably already touched your life.  If you bank online, you have probably already experienced two-factor authentication.  After logging in, you may have been asked to confirm your identity by entering a code that was received via text message or a voice call to the phone number you have on record with the financial institution.  Normally, you only have to provide the special code the first time you use a new device or computer.  Some amusement parks use two-factor authentication for their season pass holders.  In this case you may be required to show your pass and provide a fingerprint scan each time you visit the park.  If you have ever been asked to enter your zip code at a gas pump after swiping your credit card, you have used two-factor authentication.

As you can see, this type of security adds an extra layer of protection from the hackers of the world (or at least some of the hackers of the world) by requiring a second method of identification.  While it adds an extra layer, it does not guarantee security.  In our credit card example, it’s possible for someone to get your card and know your zip code.  Two-factor authentication is not fool-proof.  It’s just safer.  It is not a substitute for taking reasonable steps to secure your accounts.  A better example might be that anyone who gains access to your cell phone might be able to get into your accounts if you have not put a lock code on your phone and you have saved all your account passwords by default.  You can see where these actions all together might be a recipe for disaster.

At this time, the biggest threat to two-factor authentication is account recovery.  If you lose access to your account, for example because you lose your device, most providers have a recovery process, which can be lengthy, that lets you back in.  Account recovery normally resets your password and emails you a temporary password so that you can, in essence, start over.  The problem is that this process also disables the two-factor authentication previously set up.  Account recovery is a problem, but it is a solvable one, and the solution is being worked on as we speak.  A way has to be devised for a user to securely recover an account that is separate from the way the account is normally accessed, and that second method must also use two-factor authentication.  I’m sure they’ll work it out soon enough.
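The recovery problem described above, modelled as an added example (not code from the original post or from any provider): the weak flow emails a temporary password and switches two-factor off, while the hardened flow requires a second factor for recovery itself and leaves enrollment intact. The `Account` class, the function names and the printed backup codes are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    password: str
    second_factor_enrolled: bool = True
    # Single-use recovery codes printed at enrollment (assumed design).
    backup_codes: set = field(default_factory=set)


def login(acct, password, second_factor_ok):
    """Password always; second factor only while it is still enrolled."""
    if not hmac.compare_digest(acct.password.encode(), password.encode()):
        return False
    return second_factor_ok or not acct.second_factor_enrolled


def recover_weak(acct):
    """Flow from the post: email a temporary password and switch 2FA off."""
    acct.password = secrets.token_urlsafe(12)
    acct.second_factor_enrolled = False
    return acct.password  # stands in for the body of the recovery email


def recover_hardened(acct, mailed_token, presented_token, backup_code):
    """Recovery that itself needs two factors and leaves 2FA enrolled."""
    if not hmac.compare_digest(mailed_token.encode(), presented_token.encode()):
        return None  # requester cannot read the mailbox
    if backup_code not in acct.backup_codes:
        return None  # mailbox access alone is not enough
    acct.backup_codes.discard(backup_code)  # each code works once
    acct.password = secrets.token_urlsafe(12)
    return acct.password


def hardened_with_mailbox_only(acct):
    """Someone who can read the recovery email but holds no backup code."""
    token = secrets.token_urlsafe(16)
    return recover_hardened(acct, token, token, backup_code="")


def mailbox_only_takeover(recover):
    """True if reading the victim's email alone is enough to end up logged in."""
    acct = Account(password="constructed-pw", backup_codes={"constructed-code-1"})
    temp = recover(acct)
    return temp is not None and login(acct, temp, second_factor_ok=False)


if __name__ == "__main__":
    print("weak flow, mailbox only:", mailbox_only_takeover(recover_weak))
    print("hardened flow, mailbox only:", mailbox_only_takeover(hardened_with_mailbox_only))
```

With the weak flow, the account is only as strong as the email inbox that receives the temporary password; with the hardened flow, the inbox alone gets nowhere and the second factor is still required at the next login.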

In the meantime, if you have an opportunity to use two-factor authentication, I suggest you take it.  While logging in might take slightly longer, you will be safer against what I call the casual hacker.  You’ll still have to be careful when it comes to clicking on links in emails and surfing the net because any access to your machine gives the bad guys access to your data, and that includes data that allows two-factor authentication to work.  There will never be a replacement for a good healthy dose of paranoia.  Remember … Just because you’re paranoid doesn’t mean they’re not out to get you.  : )
