The Internet has become an indispensable tool for purchasing items and managing personal information. We trust vendors with our data and assume that they will safeguard it and prevent unauthorized access. Yet, the headlines are filled with news of data breaches and other hacks. The latest story is that Dropbox was hacked although the company says that it was not their servers. Regardless, users need to be more sensitive than ever to data breaches and one of the most important tools in the battle against hackers is two-factor authentication (TFA).
Traditional password schemes rely on two pieces of information – a username and a password. Typically, usernames use a common and easily identifiable piece of information like an email address and so are fundamentally insecure. Passwords, in contrast, should be highly secure, but even with the most complex password, you are still at risk because a determined hacker could retrieve your credentials from the compromised system. TFA provides a powerful solution to the problem.
TFA adds an additional layer of protection by extending the concept of security to include not only what you know (e.g. username and password), but also what you have (e.g. TFA app, text messages or phone). When logging into a website that is enabled for TFA, you still must input your username and password; however, once your credentials are authenticated, the user must also input another piece of information, typically a unique number. The power of TFA revolves around the unique identifier and that number can be generated in different ways including an app on your phone, a text message or an automated phone call. This process ensures that you have both the appropriate credentials and the asset required to access the unique numeric identifier. Thus a hacker wanting to compromise your account would need to steal your credentials and then your mobile phone as well. Naturally, this task is not impossible but is significantly more difficult than stealing or guessing login information.
Thinking about the Dropbox breach, I have no idea if my credentials were compromised; however, even if they were, my account would not be accessible because I use TFA for Dropbox authentication. I will certainly change my password to be safe, but the reality is that TFA dramatically reduces the risk of your account being attacked or compromised. I suggest that you review the sites that have your financial information and explore with you can enable this feature. Trust me, it can make a huge difference.