Multi Factor Authentication is here and has been a part of our everyday life for a few years now. Everyday examples include: Your ATM Card + Pin to withdraw money from the ATM machine; if you have a safe deposit box, you’ll need two keys to open it; some web pages ask you to enter a randomly generated alpha-numeric code; some web sites use a graphic image in addition to your password; some banks send you a physical token; others SMS you a pin to unlock your account, etc. If you’ve used any one of the above methods to access your account, you’re familiar with 2-factor or multi factor authentication. To simplify, it’s more than just one factor – like your password, which by now we all know can be very insecure or easily compromised.
For a more elaborate illustration: We’ve all seen it in action or spy movies – It’s a secure location and the actor or security agent scans his palm, punches in a pin, possibly has his retina scanned and at times speaks his name, for voice recognition. In this example, we’re using four factors of authentication to let the agent into the facility.
How does it work? The back end security system combines something you know (password or pin) and something you have (ATM Card, token, soft token, voice, Fingerprint, smart phone, etc.). At some point in the near future, all sensitive online accounts or network access accounts will require multi factor authentication. From our online banking institutions to our applications at work; Multi factor authentication makes it much harder for identity thieves to access our sensitive information.
It is possible to steal credentials in the form of static and weak passwords but a random generated token for 2-factor authentication makes hacking just a password useless. These tokens can now be received via smart phones apps (soft tokens) or SMS, so we no longer need to carry physical tokens with us and risk losing them.
Multi factor authentication can make it very difficult for a hacker or identity thieves to access our information solely by compromising our passwords, and they’re not inconvenient for us to use. Can you imagine not using your ATM card and pin to access your bank account? It’s important for us to be aware of our options and to be open to change. We need to be aware of what’s available from an information security stand point. Our awareness, can lead to us asking the right questions and getting our vendors or service providers to invest in security and in protecting our online identity. An informed public can make better decisions on who we want to partner and do business with.