Pardon my language, but: passwords suck. No one likes them. At best they slow us down; at worst they don’t protect us at all.
In the world of computer security, we call passwords “authentication factors.” All that means is: something that proves you’re you. More specifically, it’s something you know, that you can provide to prove your identity. The problem is, as soon as someone else learns your password, they can pretend to be you too. And passwords get leaked all the time. We could add a second password, but it can be leaked too. We’re likely to write both passwords on the same sticky note anyway, so it’s not an improvement. If we go back to the idea of a password being something you know, we see that a password is just a bit of information that anyone can know, and it doesn’t really prove much by itself.
Making your password not suck: What is 2FA?
Well, what if we added another “authentication factor”? Not something you know, because we tried that already. How about something you are? Something unique to you, like your fingerprint. If this were a sci-fi movie, we could use a drop of blood, or a special camera to look into your eye and see the unique patterns in the blood vessels on your retina. Some phones already match the on-camera shape of your face to one that was stored earlier, to establish your identity. We can already see that if we used only fingerprints or face shape for proving our identity, we would run the risk of that information being stolen too. But if we use both things, the thing we know and the thing we are, then we have two quite different factors we can use to prove our identity. You’ve probably heard this called “two-factor authentication,” or “2FA”.
“But,” you ask, “don’t you need special equipment to read a fingerprint, and store it securely?” Well, you’re right. Most of our computers don’t have fingerprint readers. So how do we use two “authentication factors” on your computer? Let’s consider a third factor: something you have. What do I mean by something you have? You might have a special USB stick that you plug in when you are trying to sign in somewhere. That stick, plus your password, would be a pretty good way of proving your identity. Or, maybe there’s a gadget on your keychain with numbers on a tiny screen. The numbers change every minute, so they are only valid for those 60 seconds. Using this “token” with a system that is set up to use it, you can prove your identity. Now, there are apps you can have on your phone, which generate these tokens every minute. Many websites will allow you to use these numbers as that second “authentication factor” in 2FA.
Don’t let the terminology overwhelm you. It’s easy to use, and I can guide you through the process. True, when you go to sign in somewhere, it takes a moment longer to look up the second “authentication factor”, but you can replace your impatience with the comfort of knowing that your information is much more secure. Even if your password gets stolen, the second factor protects you.
Need help setting up your 2FA? Call me!