Thursday, 21 May 2015 00:00

Two-Factor Authentication And You


Since we’ve been on a security kick this week, I thought we might end the week with one of the most important things you can do to keep your accounts secure: Two Factor Authentication.

What exactly is two-factor authentication? Also called ‘multi-factor authentication’, it is, according to Wikipedia, a means of authenticating that requires 2 or more factors to be able to access an account. These factors can be:

  • A physical factor (bank card, key card, USB stick, etc)

  • A knowledge factor (password, pass phrase, PIN)

  • An inherence factor (biometrics: fingerprint, iris scan, voice scan, etc)

While this sort of two-factor authentication might seem like something needed for access to places much more important than your email account (like say, a bank vault or secure government facility), you may have been using two-factor authentication without even knowing it.

How Two Factor Authentication Works

One of the biggest reasons that many people don’t opt into two-factor authentication willingly is that they don’t want the hassle of providing both factors. Who wants to dig out a USB dongle or get a code from their phone when they’ve already entered their password in properly? I know I certainly don’t (hence the fact I don’t always practice what I preach). But we’ve all heard about the Chase security breach, right? If not, read about it here. JPMorgan Chase tells customers it’s not necessary to change your password, though they won’t disclose who was affected and how much data was potentially stolen. So does that mean that passwords weren’t among the data in the breach? Not according to ZDNet. They report that Night Lion Security stated "if you have email addresses and you know which of JPMorgan’s services those email addresses are associated with (checking account, mortgage, credit card, etc), you can do a simple lookup against your database of five billion stolen username/password combos." Chase has not refuted this statement, instead saying that they don’t allow email addresses to be used as usernames, so this is not an issue and customers do not need to worry or change their passwords.

Of course, it seems to me that the real reason why Chase is not telling customers to worry is the two-factor authentication they require. Most Chase customers don’t even realize they are using it, because it’s not necessary every time you log in. It’s only necessary when you log in on a device you’ve never logged in from before. If the website does not recognize your device, you are prompted to choose how you’d like to receive your temporary authentication code (phone call, text message, or email) and what number or email address you’d like it sent to. Of course, if your email or phones are compromised, then your bank account easily could be, too. But for those of us who use separate passwords for separate sites, and know our phones are safe and sound in our pockets or purses, even if my bank account password has been compromised, my account is still safe.
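The device-recognition flow described above can be sketched in a few lines. This is an added example, not code from this article or from Chase; the function names, the five-minute code lifetime and the signed device token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret
CODE_TTL = 300                         # assumed code lifetime, in seconds
_pending = {}                          # user -> (sha256 of code, expiry time)

def device_token(user, device_id):
    """Signed value kept in a cookie once a device has passed the code step."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def is_known_device(user, device_id, token):
    return token is not None and hmac.compare_digest(
        device_token(user, device_id), token)

def start_login(user, password_ok, device_id, token, now=None):
    """Return (status, code); the code is sent by call, text or email."""
    now = time.time() if now is None else now
    if not password_ok:
        return "denied", None
    if is_known_device(user, device_id, token):
        return "ok", None              # recognized device: password is enough
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[user] = (hashlib.sha256(code.encode()).hexdigest(), now + CODE_TTL)
    return "code_required", code

def finish_login(user, device_id, submitted, now=None):
    """Check the code once; on success return the token marking the device known."""
    now = time.time() if now is None else now
    digest, expiry = _pending.pop(user, (None, 0))   # single use, right or wrong
    if digest is None or now > expiry:
        return None
    given = hashlib.sha256(submitted.encode()).hexdigest()
    if not hmac.compare_digest(digest, given):
        return None
    return device_token(user, device_id)
```

A stolen password alone stops at `code_required` on any device that does not already hold a valid token, which is the protection the paragraph above relies on.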

Keeping Your Accounts Secure

Using two-factor authentication is the absolute best way to ensure that your accounts - all of your accounts - are safe. The only safer option is to not have any online accounts to compromise. And since that isn’t really a viable option for anyone that doesn’t have great-grandchildren, two-factor authentication is the only way to go.

Keep in mind, to ensure that your security is complete, you need to enable two-factor authentication on everything that offers it. If your bank account uses two-factor authentication, but your email address - the email address used to verify your bank account - does not, it wouldn’t take long for someone to access both your email, and then your bank account. Even if you use two-factor authentication and only allow the authentication to go to your phone, if you use a service like Google Voice to get your text messages and voicemails from a computer, and your associated Google account does not use two-factor authentication, you’re leaving yourself vulnerable. In the end, when it comes to security - any security - it’s necessary to take every possible step to secure yourself. Doing anything short of everything you can invites disaster.
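The weakest-link argument above can be checked against your own list of accounts. The following is an added example, not part of the original article: the inventory is constructed, the field names `two_factor` and `depends_on` are assumptions, and the model is deliberately simple (an account is exposed if any place that can receive or read its codes is protected by a password alone).

```python
# Constructed sample inventory. "depends_on" lists the accounts that receive
# or can read this account's authentication codes or reset links.
ACCOUNTS = {
    "bank":           {"two_factor": True,  "depends_on": ["phone"]},
    "phone":          {"two_factor": True,  "depends_on": ["google_account"]},
    "google_account": {"two_factor": False, "depends_on": []},   # Google Voice
    "work_email":     {"two_factor": True,  "depends_on": []},
    "photo_site":     {"two_factor": True,  "depends_on": ["work_email"]},
}

def weak_chain(name, accounts, seen=()):
    """Return the path from `name` to an account with no second factor, or None."""
    if name in seen:
        return None                      # dependency cycle: stop following it
    account = accounts[name]
    if not account["two_factor"]:
        return [name]                    # password alone opens this account
    for dep in account["depends_on"]:
        chain = weak_chain(dep, accounts, seen + (name,))
        if chain:
            return [name] + chain        # codes for `name` leak through `dep`
    return None

def audit(accounts):
    """Map every exposed account to the chain that exposes it."""
    return {n: c for n in accounts if (c := weak_chain(n, accounts))}

if __name__ == "__main__":
    for name, chain in audit(ACCOUNTS).items():
        print(f"{name}: " + " -> ".join(chain))
```

In the sample data the bank account is reported as exposed even though it enforces a second factor, because its codes go to a phone whose texts are readable from a Google account that has none.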

Why Security Is So Important

Aside from the obvious extreme, life-disrupting potential of having your accounts compromised, there is the potential for data loss. Generally, when your account is the one compromised, you won’t be the one suffering viruses and malware that effectively lock your computer and cause you to lose data. No, if you are the one that is the victim of a hacker, you likely have bigger problems than one dead computer.

But if someone you know falls victim, you could find yourself an innocent (and unaware) bystander that becomes a casualty. One of the first things many hackers do when they gain access to an email account is send out mass emails to everyone you’ve ever emailed with an attachment that allows them to spread their reach. While these emails used to be easy to spot (badly worded by non-native English speakers, ludicrous schemes that are obviously ‘too-good-to-be-true’, etc), this is not the case anymore. Many of these types of emails look legitimate, and contain links or attachments that you would use because you trust the sender. Before you even have time to tell your friend that they have been hacked, you are compromised as well - or even worse, your computer is dead and your data is lost.

Take the extra time to ensure that you are using two-factor authentication for all your accounts, and encourage your friends and family to do the same. If needed, take the time to help your loved ones get it set up on all their accounts; it will take a lot less time to get them secure than it would to clean up the damage if their account is compromised.

If the worst happens, and you do end up losing data due to a compromised account, give us a call. We can help you recover your data, even if it is lost due to a virus. We can’t help you reset all your passwords or protect your identity, but we can ensure that you don’t lose valuable files on top of everything else. If you’ve lost data, don’t wait, call us today!



Last modified on Thursday, 21 May 2015 13:57
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).
