Every week you can read new stories about high-profile data breaches and password leaks. You may think that this only happens to those with outdated systems or poor security. But what about you?
Cybercriminals are hungry for passwords. As seen in plenty of news articles about hacks and data leaks, an unprotected password can help cybercriminals gain access to your bank account, credit cards, or personal websites. From there, they can sell your personal information, gain access to your money, or compromise your overall digital security.
The dangers of protecting online accounts with only basic, password-based authentication have been known for years. Despite this, the transition to stronger forms of authentication has been slow. As consumers and businesses become wiser to the imperative of better protecting their accounts, their voices will add to those calling for two-factor and multi-factor authentication (2FA).
Two-factor authentication is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.
A password is something someone knows and therefore it can be shared. Astonishingly, people sometimes do this knowingly and willingly, particularly in business settings when colleagues need to access a little-used system or application. Beyond this type of intentional sharing, passwords can also be tricked out of people through phishing. Phishing attacks are becoming increasingly sophisticated and therefore difficult to spot. An email may appear to be from a legitimate service provider, such as a bank, yet when the unwitting customer clicks on a link they could be taken to a fake site. If they enter their information at this point, the cybercriminal is able to use the phished credentials on the actual service provider’s site to gain access to the user’s account.
As the name suggests, two-factor authentication requires one extra step — and a second factor — to log onto a site or access an online account. Most often, you first enter your username and password. The site typically then sends a text message to your mobile phone with a six-digit numerical code. This code is called an authenticator, or sometimes a passcode or verification code. You can only access the site by then entering this code that appears on your mobile device. If you don’t have the code, you can’t log on, even if you know the correct password.
Make it harder for identity theft and phishing via email to happen to you; require those criminals to gain more information than just your username and password. Privacy is becoming more and more of an issue as technology grows, and not taking the time to do this simple, ten-minute process puts you and your information at risk.
2FA strengthens authentication because it adds another factor – something the user has (such as a one-time passcode or security key) or something they are (a unique physical attribute such as a fingerprint) – to the something they know (usually a username and password).
With 2FA, a potential compromise of one of these factors will not compromise the account itself. So, even if your password is taken or your phone goes astray, it is unlikely that someone else will have access to both factors.
Unfortunately, passwords are still the main (or only) way many employees protect themselves. The good news is that companies are increasingly aware of the need to use 2FA.
Strong authentication is necessary to improve the security of accounts and online services. Passwords alone provide weak protection because they can be guessed and phished and, once stolen, tried against a range of accounts in the hope of securing a hit.
How can 2FA help you?
2FA (also known as 2-Factor verification) is an additional layer of security used to ensure only authenticated users gain access to an online account. Initially, a user will enter their username and a password as usual. Then, rather than gaining access straight away, they will be required to provide additional information.
Adding the extra step to account access means thieves will struggle to access your personal information. If you add a possession factor to your bank account, a cybercriminal who knows your password won’t be able to access the account without having your phone when it receives the verification code.
That way, those still relying on the password “password” have a better shot at keeping their bank accounts secure.
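The login flow described above (username and password first, then a six-digit code sent to the phone), shown from the site's side as an added example that is not part of the original article. The sample account, the code lifetime, the attempt limit and the `send` delivery callback are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3   # assumption: wrong guesses allowed per issued code
SALT = b"constructed-salt"  # constructed; real systems use a random salt per user

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": hash_password("password")}  # constructed sample account
PENDING = {}  # user -> [code, expires_at, attempts_left]

def start_login(user, password, now=None, send=lambda user, code: None):
    """Factor 1: a correct password only triggers a code; it grants no access."""
    now = time.time() if now is None else now
    supplied = hash_password(password)  # hash even for unknown users
    if not hmac.compare_digest(USERS.get(user, b""), supplied):
        return False
    code = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
    PENDING[user] = [code, now + CODE_TTL, MAX_ATTEMPTS]
    send(user, code)  # out-of-band delivery, e.g. a text message to the phone
    return True

def finish_login(user, code, now=None):
    """Factor 2: access is granted only for an unexpired, unused, matching code."""
    now = time.time() if now is None else now
    entry = PENDING.get(user)
    if entry is None:
        return False
    expected, expires_at, _ = entry
    if now > expires_at:
        del PENDING[user]
        return False
    if hmac.compare_digest(expected.encode(), code.encode()):
        del PENDING[user]  # single use: a replayed code is rejected
        return True
    entry[2] -= 1
    if entry[2] <= 0:
        del PENDING[user]  # too many wrong guesses: a new login is required
    return False
```

Knowing the password "password" gets the caller as far as `start_login`; only the code delivered to the phone makes `finish_login` return `True`.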