The process of proving who you are (called authentication) is key to protecting your information. Strong authentication attempts to ensure only you can access your information, such as your email, your photos or your bank accounts.
There are three different ways to confirm who you are:
- What you know (such as a password)
- What you have (such as your driver’s license)
- What you are (such as your fingerprint)
In this fourth installment of our series on cyber security, we offer tips on how to protect yourself with two-step verification, something far more secure than passwords alone and yet very simple to use.
Passwords
Passwords prove who you are based on something you know. The danger with passwords is that if someone can guess or gain access to your password, they can then pretend to be you and access your information. The latest technologies also make it far too easy for cyber attackers to compromise passwords. Fortunately, there is an option for stronger authentication, called two-step verification.
Quiz
In this example, Google used a password and a mobile code to authenticate. Which forms of authentication does this use?
A. Something you have and something you are
B. Something you are and something you know
C. Something you know
D. Something you have and something you know
The correct answer is D. Something you have (mobile device). Something you know (password).
Two-Step Verification
Two-step verification (sometimes called two-factor authentication or 2FA) works by requiring two different methods to authenticate yourself. One example is your ATM card. You need two things to withdraw money: your ATM card (something you have) and your PIN (something you know). If you lose your ATM card, your money is still safe, because whoever finds the card still needs your PIN.
Using Two-Step Verification
Two-step verification is something you set up for each of your accounts. The steps below use Google as an example, but two-step verification works much the same way on most other sites, such as Twitter, Facebook, Apple, Instagram and many banks.
- Enable two-step verification on your Google account and register your mobile phone number.
- Log into your account just as before with your username and password.
- Google then sends a text message to your mobile phone containing a unique code.
- Just like your password, you then enter those numbers on the website.
To successfully log into your account, you have to both know your password and have your mobile phone with you to receive the unique code. To ensure your account is truly secure, Google will send you a new, unique code every time you log in.
If you don’t want to use text messaging (a.k.a. Short Message Service or SMS) for authentication, you can install an authentication app on your smartphone. The app generates the unique code for you every time you want to log in. The advantage is that the code is generated locally on your phone rather than sent to you, so it cannot be intercepted.
Remember, two-step verification is not enabled by default; you have to enable it yourself. While two-step verification may seem like more work at first, we highly recommend you use it whenever possible, especially for critical services, such as your email accounts, online banking or storing your files online. Two-step verification goes much further to protect your information than just simple passwords.
What about those of us who don't have cell/mobile/smartphones? We don't have access to text messaging. What are our options?