Most of us are familiar with the steps involved in setting up a new online account, whether for email, shopping, or other purposes. It usually requires the selection of a unique username as well as a password. In some instances, the password must meet certain criteria, such as a specified character length as well as the inclusion of uppercase and lowercase letters, numbers, and a special symbol. In general, people are advised not to select passwords based on their names, pets’ names, or other personal information that would be fairly easy for others to figure out. For professional accounts, in particular, it is heavily frowned upon to select a password with personal meaning. However, despite a company’s request that its employees create passwords that will not be compromised easily, personally relevant words are almost always the type of passwords that people choose.
As a result, companies must figure out other ways to address this potential security lapse. Some online services add an additional layer of security by requiring two-factor authentication. For example, a virtual data room is intended to house important and confidential company documents, and utilizing two-factor authentication there makes it more difficult for the wrong individuals to inappropriately access the stored information. Some people may already have accounts with two-factor authentication and not even realize it. And, for those who do not quite know what it is, here is the what, why, and how of two-factor authentication:
What is it?
First of all, a factor is similar to a password in that it is a piece of information. However, unlike a password, a factor may be a word, a numerical code, or even a concrete piece of equipment, such as a key card that can be swiped. Thus, while a password is a piece of information that a user readily types into the appropriate box from memory, a factor can take several forms. It may be a second piece of information that the user has to enter. It may be a concrete item that the user must furnish when directed to do so. Or it may be a piece of information that is sent to the user, via a text message, for example, which the user has a limited amount of time to retrieve and enter into the appropriate box.
Why is it important?
This may just seem like an unnecessary extra step and not all that different from creating a solid password. But, by adding this second layer of security, it becomes far more difficult for an account to be compromised. For example, when an account is linked to an individual’s mobile phone, it is incredibly unlikely that someone else will gain access by trying to guess the code that is generated when a login attempt is made. Plus, in the event that someone does try to enter the account, the holder of the mobile phone will see that code come through and can immediately reset the account to prevent further unwanted attempts.
How does it work?
For accounts that employ two-factor authentication, the users must create a username and password and then generally must be given the second factor. This may entail receiving a concrete item or it may involve the linking of the account to an email or mobile phone number so that upon each login attempt the user will receive a newly generated factor.
Thus, when signing into an account protected by two-factor authentication, users will be prompted to enter their username, followed by a password, and then the second authentication factor, for example, a code sent by text message.
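The server side of the text-message flow described above can be sketched as follows. This is an added example, not code from the original article; the class name, the 6-digit length, the 5-minute lifetime and the 5-guess limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # guesses allowed per issued code (assumed value)


class LoginCodeStore:
    """Keeps one pending second-factor code per user (in memory, for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode("utf-8")).digest()

    def issue(self, username):
        """Generate a new code after the password check; the caller sends it by text or email."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
        salt = secrets.token_bytes(16)
        self._pending[username] = {                # replaces any earlier code
            "salt": salt,
            "digest": self._digest(salt, code),    # only a digest is kept server-side
            "expires_at": self._clock() + CODE_TTL,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, username, submitted):
        """Return True only for the current, unexpired, not-yet-used code."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() >= entry["expires_at"]:
            del self._pending[username]            # expired: a new login must issue a new code
            return False
        candidate = self._digest(entry["salt"], submitted)
        ok = hmac.compare_digest(entry["digest"], candidate)  # constant-time comparison
        entry["attempts_left"] -= 1
        if ok or entry["attempts_left"] == 0:
            del self._pending[username]            # single use, or guess budget exhausted
        return ok
```

The expiry and the guess limit are what make guessing the code impractical: with six digits and five tries, a blind guesser succeeds on roughly 5 in 1,000,000 issued codes.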
Ultimately, this is a much stronger method of protecting accounts that contain important information.