The end of the pesky password?

by Phil Mennie

Posted on 19 Nov 2015 at 4:08 pm

Do you enjoy trying to remember all of those username and password combinations you use online? Of course not! But we're told again, and again, about the importance of using secure passwords which are different for all of our online accounts. Surely there's another way of increasing our online security...!

Enter, two-factor authentication

Two-factor authentication is a feature that many social networks and online platforms offer their users to add an additional level of protection to their accounts. Most of us log in to our accounts using a username and password, but two-factor authentication introduces an additional piece of information which we enter at login to prove that we are who we say we are. You may already use two-factor authentication when you log in to your online banking. If you have been given some sort of physical device by your bank which generates a seemingly random code which you need to enter at login - that's two-factor authentication at work.

Two-factor authentication is:

Something you know - such as your username, password, mother's maiden name, first pet's name, favourite curry etc.

Something you possess - such as a bank card or a mobile phone.

That may sound odd at first, so let's look at it in a bit more detail.

How does it work?

For online platforms, two-factor authentication most commonly works by sending a text message to your phone when you log in. Because most of us now carry mobile phones with us all the time, the phone has become the de facto device to prove you are who you say you are. You receive a text message containing a code, which you then enter into the website. This shows the website that the person logging in not only knows the username and password (the things you know), but that they also have your phone (the thing you possess). This adds an extra level of security because while a hacker may be able to steal your login credentials, it's far harder for them to steal your phone.


Why do I need it?

It's less likely you'll be hacked: if you used the same login credentials on another website and a hacker tried to use them on a different website, they wouldn't be able to gain access to your account unless they also got hold of your phone.

It's easy: setting up two-factor authentication only takes a few minutes. The first time you log in once it's enabled may feel a bit different. But most platforms allow you to save the details of your browser and computer so that you don't get prompted for the authentication code when you log in from the same computer again.

Sounds great, but how do I enable it?

Many online platforms now offer their users two-factor authentication as a free feature. It's in their interest to help you keep your account safe. How to enable two-factor authentication will differ depending on the platform that you use. Generally, the options will be somewhere in your Security Settings or Preferences. You'll need to go through a process of registering your mobile phone.

Here is a link to the instructions on how to enable two-factor authentication for some of the most popular online platforms:

What else do I need to know?

Two-factor authentication significantly increases the security of your account, but it doesn't signal the end of the pesky password. It's just one part of the security jigsaw. To really keep yourself safe you need to remember to use secure passwords and to change them regularly. But, if that's all too difficult, you should absolutely consider enabling two-factor authentication to give yourself at least some additional protection.

What's your experience been with two-factor authentication?
