Every time you use two-factor authentication, you shake your head, let out a sigh and say: “I hate this!” Now, you have to pick up your phone to check a text, find a little doohickey that generates random numbers, or some app pops up and asks you if you are really you. It is frustrating to have to prove that you aren’t a robot — to a robot!
Two-factor authentication, also known as multi-factor authentication, is just a part of our world now. Your job uses it. So does your bank. Even your email provider wants you to use it. But why? While it may be an inconvenience (to put it mildly), the benefit you get from it is worth more than you may realize.
It seems that every month there are more news stories about companies that have had their user accounts hacked. Earlier this year, a New York state investigation found that hackers compromised more than 1.1 million accounts at 17 companies by automatically testing different combinations of usernames and passwords, a tactic that costs businesses up to $6 million per year. The hacking community uses usernames and passwords like currency, and they are worth a lot!
Most people use the same few passwords for all of their accounts. This means that if someone gets a hold of your email password they can use it to access your bank account. Or if they get the password for your Hulu account, they can now log in to your Experian account and disable the credit lock you have in place. (You do have that credit lock in place, don’t you?)
Two-factor authentication solves this problem. The second factor falls into one of three categories: something you know (a password or PIN), something you have (a cell phone or keyfob) or something you are (fingerprint scan, facial recognition, etc.).
Two-factor authentication requires two different categories to be truly secure. It’s exponentially harder for a hacker to replicate a password (something you know) and a phone (something you have) than two different passwords. If a hacker learns your password, they can’t log in because they don’t have your phone. Likewise, if your phone is stolen, they don’t necessarily know your passcode. Different organizations use different factors so what works for one won’t work for another. Also, factors are often single use. Even if someone found out the six digit number you were texted, it wouldn’t work a second time.
Using two-factor authentication provides a strong layer of security for your accounts. Even if it is a pain to remember to set up, compare that to the countless hours you could spend on the phone trying to tell the bank that you didn’t buy that big screen TV or transfer that $9,500 to an offshore bank account. The time it takes to set up two-factor authentication will pay for itself many times over in what it saves you in headaches, time and money!
At Rowan University, we use Duo two-factor authentication to protect your Rowan NetID. Learn more about Duo and two-factor authentication at go.rowan.edu/duo.
By Jerry Patterson, Director of Information Security
October is National Cyber Security Awareness Month, a global effort to help everyone stay safe and protected when using technology. While cyber security can seem overwhelming, this month Information Resources & Technology is focusing on simple steps you can take to defend your online life. Visit go.rowan.edu/ncsam for more tips.