How secure are your passwords? If you’re like most folks, I bet not so secure. We prefer simple, easy-to-remember passwords, and we use the same passwords on multiple systems. When systems force us to create longer, more secure passwords, we can’t remember them unless we write them down. Now doesn’t that defeat the purpose? Even if you’re different from most people and use a secure password, you aren’t as protected as you think. Even using a password manager doesn’t guarantee password security; one firm offering such services, Last Pass, was hacked.
It’s become clear that keeping your systems secure requires more than a simple password and more than even a complex password. In order to provide additional security, many applications now are implementing two-factor authentication and multi-factor authentication.
Multiple Steps to Prove You’re You
The goal of a password is to prove your identity to the system you’re trying to access. In principle, you are the only one who knows your password. Simply keying in the correct password grants you access. This one step authentication does not cut it these days. Multi-factor authentication (MFA) requires you to prove your identity in more than one way. Typically, this is implemented as a two-step process, two-factor authentication (2FA).
The different steps in multi-factor authentication rely on different means of proving who you are. A password relies on you knowing something. The other steps rely on you having something (such as a token generated by a smart card you carry or a text sent to your phone). Or on you being something (biometric measures such as fingerprints or retinal scans). MFA makes it more difficult for an attacker to fake an identity and gain unauthorized access.
Multi-Factor Authentication in Use
Multi-factor authentication is spreading like wildfire. Research and Markets, an industry research firm, expects spending on MFA to grow more than 17% annually through 2020, becoming a nearly $10 billion market. Most implementations use 2FA, such as the use of a smart card with a pin. More sensitive systems can require as many as four or five factors for authentication
Whether or not MFA takes off and becomes the norm will remain to be seen. Regardless of this outcome, one thing has become clear: we can no longer rely on 2FA alone to protect users from the cyber threats of tomorrow.
It’s time to wake up. 2FA in the form of SMS and email authentication is rapidly becoming an inadequate way to protect privacy. If we fail to recognize that we need to move quickly in order to shore up our defenses, the impending threats will outpace our security.
With this in mind, it’s clear that new mechanisms must be incorporated into our protection in order to ensure users have better options to be safe as the internet continues to integrate itself deeper into society.
On the f lipside
With all the benefits MFA boasts of, there is still a critical flaw in the system that is preventing the average user from employing it. Remembering passwords has always been a problem. Now add to that myriad sites/apps we access per week. Then add the industry’s answer of adding a dongle or token to the whole convoluted process — all this to make the consumer’s data more secure while screwing the pooch.