3 simple ways two-factor authentication can protect you when no one else will


It seems like consumer data is compromised in some massive data breach every other week. You should expect the companies you do business with to do everything possible to prevent data breaches and protect your data, but it’s unreasonable to believe it will never happen. It’s up to you to take additional steps to protect your own data, and minimize the potential fallout from a breach as much as you can. One of the best ways to do that is with two-factor authentication.

Dairy Queen and Kmart are just two of the more current examples of major retail chains that have had their point-of-sale systems compromised—resulting in attackers’ capturing sensitive customer data. Target, Home Depot, and UPS have also been victims of recent data breaches. Personal information and credit card data from tens of millions of consumers is now in the hands of criminals, and at risk of being used for fraudulent activity or identity theft.

[Infographic: two-factor authentication. Image: Wave Systems Corp.]

Whenever a breach occurs, there are calls to use strong or complex passwords, but passwords alone can’t protect you. The Verizon 2014 Data Breach Investigations Report found that two-thirds of breaches are the result of weak or stolen passwords.

Authentication—the process of verifying your identity—comes down to three essential things: something you know, something you have, or something you are. It takes at least one of these to prove you are who you say you are. For better protection, though, you should use two-factor or multi-factor authentication that includes at least two different methods of authentication.

The problem with using just something you know—like passwords—is that it can be shared, guessed, or cracked. A username and password might seem like “two factors,” but they’re actually both something you know, and the username is often predictable or trivial to guess, leaving you with just a password.

Google, Apple, and Microsoft have all implemented some form of two-factor authentication for user accounts. In order to add new devices, or access or change information on the account, users with two-factor authentication must also enter a code of some sort that is sent to the email address or phone number on record for the account. Even if your password is compromised and an attacker attempts to access your account, it is less likely that the attacker has already hacked your email account or happens to be in possession of your mobile phone.

Some credit cards contain an embedded chip that serves as an additional authentication mechanism. An attacker may capture the magnetic stripe data, and be able to create a clone of a simple credit card, but without the associated chip the credit card won’t work. Chipped credit cards are widely used in Europe, but are just beginning to be introduced in the United States.

1. It makes your data harder to compromise

Using two-factor authentication adds an extra layer of protection for your accounts. It’s like having a regular lock and a deadbolt on the front door of your home, or locking your car, but also engaging an alarm system. The idea is that an attacker may compromise one of your authentication methods, but probably won’t be able to compromise both. Just the fact that you have multi-factor authentication in place at all serves as a deterrent, because attackers will generally move on to easier targets rather than investing the time necessary to access your accounts.

2. It prevents fallout from a data breach

If you use two-factor authentication, you have much less to worry about from the data breach du jour. A website you use might get compromised, or a retailer you frequent might be the victim of a network hack, but the data gleaned from the breach is only one of the factors. As long as you also use something you have or something you are as additional layers of authentication, your identity and data should be safe even if your passwords or other personal data are exposed in a breach.

3. It can alert you to break-in attempts

Two-factor authentication lets you know when there are unauthorized attempts to access your accounts. If you suddenly receive a text message with a code, or an email verification when you aren’t accessing the account yourself, you can assume that there is some sort of suspicious activity. Your account should be safe because you have two-factor authentication in place, but if the attacker was able to get to the point of triggering the two-factor authentication it probably means your username and password are already compromised, and you should change your password immediately.
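The same signal seen from the service's side, as an added example that is not part of the original article: a code is only sent after the password check passes, so a code that is never redeemed marks a password that should be reset. The event names, log format, and five-minute code lifetime are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <account> <event>".
# Assumption: "otp_sent" is logged only after the password was accepted.
SAMPLE_LOG = """\
2024-01-01T09:00:05 alice password_ok
2024-01-01T09:00:06 alice otp_sent
2024-01-01T09:00:40 alice otp_ok
2024-01-01T11:15:10 bob password_fail
2024-01-01T11:15:30 bob password_ok
2024-01-01T11:15:31 bob otp_sent
2024-01-01T11:16:02 bob otp_fail
2024-01-01T13:30:00 carol password_ok
2024-01-01T13:30:01 carol otp_sent
"""

OTP_WINDOW = timedelta(minutes=5)  # assumed lifetime of a one-time code


def parse(log):
    """Yield (timestamp, account, event) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, account, event = line.split()
        yield datetime.fromisoformat(ts), account, event


def accounts_needing_password_reset(log, now):
    """Accounts where a code was sent (password was correct) but the
    second factor was not completed within OTP_WINDOW."""
    pending = {}    # account -> time the outstanding code was sent
    flagged = set()
    for ts, account, event in parse(log):
        sent = pending.get(account)
        if sent is not None and ts - sent > OTP_WINDOW:
            flagged.add(account)         # earlier code expired unused
            del pending[account]
        if event == "otp_sent":
            pending[account] = ts
        elif event == "otp_ok":
            pending.pop(account, None)   # legitimate login completed
        # "otp_fail" leaves the code pending: a typo can still be retried
    flagged.update(a for a, sent in pending.items() if now - sent > OTP_WINDOW)
    return sorted(flagged)


if __name__ == "__main__":
    print(accounts_needing_password_reset(SAMPLE_LOG, datetime(2024, 1, 1, 14, 0)))
```

A mistyped code followed by a correct one inside the window does not flag the account; only a challenge that is never completed does.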

It’s an imperfect world. Even in a best-case scenario there will still be security issues and data breaches. Don’t surrender security in the name of convenience. Take advantage of two-factor authentication for any devices, sites, or services that you can so you can make sure you’re protected even when nobody else will.
