Two Factor Authentication For Web Accounts

You may have heard about two-factor authentication lately, and probably wondered what it is or what it means. Simply, it's an attempt by some of the web service providers like Google and Microsoft to come up with something more secure that "just" a username and password. As a group, we consumers tend to use weak password or to re-use one password across several sites, which is A Bad Thing. So, two-factor or two-step authentication combines using a username/password (something you know) with another factor (something you have). Typically, the second factor would be a text message with a short code sent to your cell phone. So, if someone has your password they hopefully would not also have your phone. In most cases, it's still an optional feature, but it does add another layer of security. You can read more about it on the SANS site here (PDF document).

No comments :