Enhance account security using 2-factor verification
Wednesday, December 30, 2015 7:11:44 PM
HCC offers 2-year program in burgeoning cybersecurity
Are you looking to add extra security to some of your online accounts? If yes, you may want to consider multifactor authentication, or MFA, options. Also known as two-factor or two-step verification, access is granted when you provide more than one item to validate your identity.
The first factor is “something you know,” typically a password or PIN. A second factor is “something you have,” often a hardware token or mobile phone. A third factor is “something you are,” commonly a fingerprint. Should your password be stolen, criminals are less likely to compromise your account because they would also need to possess the additional factor(s) to gain access.
Hardware tokens are devices with a digital display small enough to fit on your key chain and display a time-sensitive, six- to eight-digit code that would regularly change. You typically have up to a minute to enter the code correctly or you have to wait until the next code appears.
With the proliferation of mobile devices, it’s become more convenient and economical to replace the hardware tokens with software tokens, with codes sent via SMS text messages or an authenticator app. Newer devices are shipping with built-in fingerprint readers. Not only does this add a third factor to the equation but expect a smoother login progress as apps are able to integrate this technology.
E*TRADE is a well-known brokerage site that rolled out its Security ID program in 2005, first leveraging hardware tokens during the early years of the program and now a mobile authenticator app.
“World of Warcraft” players were able to use a hardware token as early as 2008 to protect their characters on Battle.net. Users of the auction house, a section of the site where real money and virtual goods can be exchanged, were required to use MFA to curb theft and money laundering.
Amazon very recently began offering the service via SMS text or an authenticator app.
A detailed list of sites supporting MFA can be found at twofactorauth.org.
Why wouldn’t you want to enable MFA? In addition to slowing down criminals, the extra authentication steps slow you down as well. Also, it can break compatibility with personal finance software because most depend on your login credentials to retrieve updated information. Most importantly, account access and recovery can be very difficult if you lose your second factor.
Once again, security is a trade-off with convenience. However, enabling MFA for your most critical accounts is a sound decision.
Vincent Hoang is an enterprise architect at Hawaiian Telcom, a Certified Information Systems Security Professional (CISSP), GSNA Systems and Network Auditor (GSNA) and Cisco Certified Network Professional (CCNP). Reach him at email@example.com.
© Honolulu Star-Advertiser
Visit this article in the Star-Advertiser