Passwords are good. Strong Passwords are great. Strong Passwords are what keep our systems safe, for the most part. The trend now is going through an extra level of security to make damned sure that whatever we are protecting with our password (Bank accounts, e-mail, cloud accounts, etc.) is only accessed by us. I have a slightly better understanding than the average person of how passwords work, but mostly it’s like opening the key to your front door. You put the key in the door and try to turn the lock. If its the right key for the right door, it opens, and you get in. If it’s the wrong key, you don’t. The trick becomes what if someone makes their own key to your door. This is where 2FA (or two-factor Authentication) comes in.
What is it?
two-factor authentication is essentially a secondary password for your account. It’s a reasonably simple way to ensure the security of your account. When you Sign up for a service (E-mail, Cloud account, etc.), part of the sign up is your name, e-mail, password and phone number. The reason that you are giving your phone number is so that the service can send a secondary code to a different device. To be able to access whatever service you’re logging into, you need to be able to enter the code sent to that second device. This is a security thing because the theory is that if someone (who is not you) tries to get into your system
2FA Vs. MFA
For the longest time, I’ve been using the terms “2FA” and “MFA” (or Multi-Factor Authentication) interchangeably. I’ve been doing this because I thought that they meant the same thing. As I started thinking about this article, the thought crossed my mind “Is there a difference?” As it turns out, there is. 2FA is a subset of MFA. With 2FA enabled, you are required to enter in a password, and then the secondary password sent to your phone, with MFA you have to do those steps as well as have a USB key with a piece of code that enables you to access the login page in the first place. Without the USB key, if you were to attempt to access the login page, you would be denied from the start.
Does it really work?
In a word, yes. The whole point of setting this up is to have more than one way to ensure that the person accessing your account is you. Without 2FA set up, even with the most complex password you can think of, it is still possible, however unlikely, that someone could break into your account. With your 2FA enabled, it is much more difficult for someone to get into your system.
There’s so much in the news about identity theft and more and more of our identity being put online. In my mind, it only makes sense to take every precaution possible to ensure that your information is safe. To go back to my “door” analogy, having a complex password is good; it means your key is hard to replicate. Having 2FA enabled is like having a security system for your home. The key that others use may be the correct one, but for it to work, the person using it needs a second key, which only you will have. As a quick example of this, a couple of weeks ago, I started getting texts setting me a 2FA confirmation code to my account. I was a little concerned seeing that someone was trying to access my account, but not too concerned because they were clearly failing. As it turns out, it was my daughter trying to load a new app onto her iPod, but I liked the fact that the system was in place, which kept me secure. I’ll be perfectly honest with you; I wasn’t always as secure with my information as I used to be. Over the next two weeks, I’ll share with you a couple of stories of what happened when my own system got compromised.
How secure is your system?
Let me know in the comments section below. If you like this blog post and want to see more, you can follow me on Social Media (LinkedIn, Twitter, Instagram, and Facebook @jasonlovefiles) or Subscribe to my blog to get new content delivered directly to your mailbox.