Security: Two-Factor Authentication
The risk of having an online account breached is increasing every day as cybercriminals continue to evolve and refine their methods.
Simply having a user ID and password as an authentication method is no longer enough to truly protect your account.
You need a form of two-factor authentication. What is two-factor authentication? Two-factor authentication requires more information than something you know, such as a password.
It adds the additional criteria of something you must have. For example, the second form of authentication could be a fingerprint since this is something you always have with you and is unique to you.
Without a form of two-factor authentication, your account is vulnerable to anyone who acquires your password information.
This information could be obtained via a form of malware known as a key logger, which records your user ID and password information and sends this information to a cybercriminal without you ever knowing it has been done.
Or maybe you use the same password on different websites – if one of these sites is compromised, all of your accounts would be compromised.
A common form of two-factor authentication in the banking industry is that of a security token. This is a physical device that could fit on a key ring, which has a button and a small LCD display.
Pressing the button will show a randomly generated number on the LCD display that you would enter when prompted in addition to your password when logging into your account.
This number will change every 30 seconds or some other predefined interval so you would have to physically have the device in order to login to your account.
The benefit of having two-factor authentication on any account is that normal hacking attempts only acquire information such as a password and not the physical part necessary for the second portion of the authentication.
Cybercriminals would therefore not be able to access your account even if your password is compromised.
Two-factor authentication is the best defense against cybercriminals since it requires something that only you will physically have in order to access your account(s) rather than something that can be stolen from your computer.
Insist upon it for something like online banking where there is risk of financial loss if your account were to be compromised.
Editor’s note: Michael Carson is the new Sr. Security Engineer at Los Alamos National Bank. He has more than 20 years of experience.
- Look for Money IQ every Wednesday in the Los Alamos Daily Post.