Two-factor authentication
UD IT advises two-factor authentication is safer than simple passwords
1:40 p.m., Oct. 29, 2014--Recent breaches like the iCloud hack, which literally exposed several celebrities, have raised questions about the security of traditional password-protected accounts.
In many cases, email accounts, cloud storage websites and computers are protected by single-factor authentication methods — usually just a password — meaning that access is controlled by just a single piece of identification, according to a University of Delaware IT representative.
FYI Stories
June 6: UDid It! Picnic
2FA protects you
In order to increase account security, experts advise, people should opt to use two-factor authentication if a bank, website, email provider or ISP gives them the option.
Two-factor authentication requires a user to validate his or her identity in two different ways. The extra step adds a layer of security that keeps an account and its information safe even if one of the factors is compromised. For example, an account protected by two-factor authentication might still have a security question in the event that its password is exposed.
Two-factor authentication often draws on different kinds of factors:
- Something only the user knows, such as a password, PIN code, image or security question.
- Something only the user has, such as a security card or SMS code sent to a phone.
- Something only the user "is," including biometric identifiers like a fingerprint. (Apple, Lenovo, Toshiba and others offer this feature.)
Two-factor authentication isn’t a new development; financial institutions and other companies have been offering it for years.
- Some websites send an SMS (text message) code to a phone that the owner must provide in addition to their password.
- Some institutions have people select an image from a gallery as a rudimentary form of two-factor authorization. (Usually, sites that have clients select an image to be displayed while they are logging in do that to help clients be sure that they are at a valid site and not at a phishing site.)
- Some web merchants and email providers require a password and an answer to a security question, especially when logging in from a new location.
Traditionally, social media sites, forums and email providers have opted for faster one-factor authentication. Unfortunately, the greater vulnerability of one-factor systems means that sometimes a major breach, such as the iCloud hack, happens as a result of the risks of simple protection methods.
Following the breaches in the past year, many major companies have announced a shift to two-factor account protection. The iCloud breach, for example, caused Apple to enable two-factor authentication for iCloud and to promise to increase user awareness of this security measure.
Users may also have noticed that more social media sites and email providers now ask them to provide additional verification when they log in from a new location or device.
If the option is available, always enable two-factor authentication to protect your accounts and information. Taking an extra two seconds to provide additional verification can help protect against breaches and hacking attempts.
If it is available, sign up for two-factor authentication protection on significant accounts:
- Online bank accounts;
- Online tax services;
- PayPal;
- iCloud;
- Google;
- Email;
- Facebook;
- Twitter; and
- Amazon.
The website twofactorauth.org lists the Web services it believes are providing two-factor authentication.
The University is in the process of testing two-factor authorization for a variety of UD services. Two-factor authentication is likely to become the norm at UD within the next two years.
The University continually updates its systems to provide advanced security for the campus community, and it may not be long before UD email, Sakai and other systems are protected by two-factor login processes.
Article by Alex Lindstorm
Image "CryptoCard two factor" by Brian Ronald, Creative Commons