Past years have raised quite a few alarm bells for a lot of people, making them question the level of security of their online data. Just recently, over 100 million LinkedIn usernames and passwords stolen in 2012 appeared online, and one of the largest online dating sites, AshleyMadison.com, suffered a large-scale breach in which 25GB of critical data, including user information, was stolen. These are just two out of too many hacks that clearly demonstrate how easy it is to take control of your personal data.
This is where 2FA, or Two-Factor Authentication, tries to mitigate the threat. Although not 100% safe, it adds another solid layer of security to your online data and makes it so much more difficult for the villains to hijack your email account or steal your private information online.
So what exactly is Two-Factor Authentication (2FA)?
Two-Factor Authentication is a method of authentication that uses two different layers of security to identify you online. When you type in your username and password, you are using the first layer of authentication. The second layer is independent of the first one and is used to vastly decrease the risk of your account falling into the wrong hands.
One of the most used methods of 2FA is using an SMS PIN code delivered to your mobile phone. There are of course other methods like a personal key fob, a USB key or a fingerprint.
Let’s take a closer look at how PIN authentication actually works and why you should start using it ASAP.
Around 65% of people use a single password for multiple sites, so if your log-in credentials get stolen from one site you are leaving the doors wide open for all your other accounts. It's like opening your home and your office door when someone breaks into your car. Adding a second layer of security diminishes the possibility of using the stolen credentials to access your accounts.
SMS PIN authentication requires the bad guy to not only find a way to steal your username and password, but he also needs to steal your phone. It is not very likely that someone could get their hands on the phones of the 100 million LinkedIn users that were affected by data theft in 2012.
Yes, there are ways to intercept the PIN delivery or use a Trojan horse to interfere with the communication between you and the website, but the cases of that happening are so much rarer.
When you log on to a website you are asked for a username and a password. Once you successfully fill in those fields, the site automatically tells the SMS authentication service provider to verify the user by sending a PIN code to the number previously defined by the user. The PIN entry is then checked independently from the website you are trying to access, and if the entered PIN matches the one sent via SMS, the website gets a green light to allow access to that specific user.
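The provider side of the flow described above, as an added example (not code from the original article or from any real SMS service): the class name `SmsPinVerifier`, the `send_sms` callback, the five-minute PIN lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumption: a PIN is valid for five minutes
MAX_ATTEMPTS = 3       # assumption: challenge is dropped after three wrong entries


class SmsPinVerifier:
    """Hypothetical stand-in for the SMS authentication service provider."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # callable(phone, text); an SMS gateway in production
        self._clock = clock
        self._pending = {}         # challenge_id -> [salt, digest, expires_at, attempts_left]

    def _digest(self, salt, pin):
        # Keep a keyed digest in memory instead of the PIN itself.
        return hmac.new(salt, pin.encode(), hashlib.sha256).digest()

    def start(self, phone):
        """Called by the website once the username/password check has passed."""
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits, zero-padded
        salt = secrets.token_bytes(16)
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = [
            salt, self._digest(salt, pin), self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login PIN is {pin}")
        return challenge_id

    def verify(self, challenge_id, entered_pin):
        """Return True (the 'green light') only for a correct, unexpired, unused PIN."""
        entry = self._pending.get(challenge_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[challenge_id]
            return False
        if hmac.compare_digest(digest, self._digest(salt, entered_pin)):
            del self._pending[challenge_id]  # single use: a replayed PIN fails
            return True
        entry[3] = attempts_left - 1
        if entry[3] <= 0:
            del self._pending[challenge_id]  # stop online guessing of the 10**6 PIN space
        return False
```

The website only ever holds the opaque `challenge_id`; the expiry, single-use and attempt-limit checks are what keep a six-digit PIN from being guessed or replayed.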
So as we put more and more personal data online every day we can’t just rely on the good old password to protect our account. Stats show that 123456 is unfortunately still the most used password and most certainly the worst. Do yourself a favor and activate 2FA on sites that are already using it and if you have a business that is keeping any user data about your clients, please be responsible and keep them safe with 2FA.