Everything needs a password today. Studies show that the average person has at least 20 different accounts that need passwords, while the average business employee can have close to 200 different passwords. The problem is that the password is, in most cases, the weakest link in the security chain for any online account, so strong passwords are an absolute necessity – especially for the most important accounts, like email. But as cyber attacks get more sophisticated, passwords are no longer enough to protect us. A hacker who gets into your email account could potentially use that account to get into every other account that you have, which could be disastrous. That is why most large email providers, many banks and other financial institutions, and the providers of other accounts where security is essential have implemented new and stronger security measures.
Why 2-Step Security is used
The reason that a two-step process is so much more secure is that it is much more difficult for a hacker to access both methods of identification. It may be possible for a hacker to obtain your password, but it would be much more difficult for them to access the second part of the verification process as well. This makes a cyberattack much less likely to succeed, and makes your account that much more secure.
Two-factor authentication can use several different methods to complete the second authentication step. The first step is entering your username and password. The most common – and some say the safest – second factor is fingerprint identification technology. When you set up your account, you will be prompted to allow your device to scan your finger or thumbprint, and you will then need to verify your identity by repeating the process every time you want to access that account, or even that device. There are other things that can be used as the second method of authentication, like your smartphone or tablet, a card, or a fob, but the obvious danger with this method is that any device can be lost or stolen, making it impossible for you to access your account as well as putting your account in danger of unauthorized access. In general, though, two-factor authentication uses two out of three possible things: something you know (your username and password), something unique to you (a fingerprint, retina scan, or even a voice print) or a device that belongs to you (a phone, a tablet, or an access card).
Two-step verification works differently from two-factor authentication in that two-step verification requires the participation of the account provider. First, you enter your username and password, and that triggers the account to send a verification code to your phone via text, or to your email, depending on how you want to set it up. You then need to enter that code within a certain time limit, and that gives you access to the site. This process can be slower than two-factor authentication due to slow phone service or other disruptions. If you have your account set up to send texts to your phone, and your phone battery is dead, you will have no way to access whatever account you’re trying to get into until you have charged your phone. If your text is delayed for any reason – which does happen – you can miss the deadline for entering the code and end up having to start the process all over again – perhaps with an extra layer of difficulty while the provider tries to make sure it really is you and not a hacker trying to access the account.
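The two-step flow described above, seen from the account provider's side, as an added example that is not part of the original article: a code is issued after the password check and is accepted only once and only within the time limit. The class and constant names, the 5-minute limit, the 6-digit code length and the 3-guess cap are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed time limit; the article does not give one
MAX_ATTEMPTS = 3         # assumed cap on wrong guesses per issued code


class VerificationCodes:
    """Provider-side store for the one-time codes sent in step two."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock so expiry can be tested
        self._pending = {}    # username -> [code_bytes, expires_at, attempts_left]

    def issue(self, username):
        """Call only after the password check passes; returns the code to send."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        # Issuing a new code replaces any older one for the same user.
        self._pending[username] = [
            code.encode(), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_code'."""
        entry = self._pending.get(username)
        if entry is None:
            return "no_code"
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]   # deadline missed: user must start over
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code, submitted.encode()):
            del self._pending[username]   # single use: the same code never works twice
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[username]   # stop guessing through the 6-digit space
            return "locked"
        return "wrong"
```

The code returned by issue() is what the provider would send by text or email; verify() is what runs when the user types it back in.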
Two-step verification is not as secure as two-factor authentication, since it would be possible for anyone to enter the code as long as they have access to either your phone or your email, but as long as you don’t lose your device, two-step verification works quite well. It is not as common as two-factor authentication, but it has its place.
As the cyber world becomes more complex, and in many ways, more dangerous, we need to do everything we can to adapt to the changing circumstances and try to protect each account we have the best way we can. It may be annoying and time-consuming to go through more than one step to verify your identity, but trying to repair the damage after your account has been hacked and your life disrupted in some very profound ways would be far, far worse.