Saturday, March 28, 2015

It’s Time for More to Implement Two-factor Authentication (Week 3)

That dreaded day has come when you are being forced to change your password.  The system you are attempting to log into will not authenticate you until you change it.  The new password must be complex, not one you have used in the past, meet the minimum length requirement, and contain a variety of different characters.  Oh, the pressure of developing an acceptable password, and one that you can remember without writing it down, no less.

After much thought, you finally accomplish the dreaded task, but then a few weeks later you are informed that your account may be one of many that have been compromised.  You did your part by developing a strong password, not writing it down, etc.  So, why was your account among the others that were compromised?  The bottom line is that passwords are only as strong as the protection they receive from you and from the organization storing them.

Slack, a company that developed an application that simplifies and facilitates workplace communication, recently discovered that their database containing user profile information was accessed by hackers.  The hackers had access to an array of sensitive information that included user names, email addresses, and encrypted passwords.  Because the passwords were encrypted, it is undetermined whether the hackers were able to decrypt them.  Even if the hackers were unable to decrypt them, the passwords have still been compromised.  In response to the attack, Slack decided to implement two-factor authentication (Toth, 2015).

So what is two-factor authentication?  Two-factor authentication is an additional authentication step that requires something you have.  When users attempt to access a system, they are prompted to enter their user name and password, which is something they know.  After the correct user name and password are entered, users are prompted to enter a one-time use token that is sent to something they have, such as the user’s phone (What is 2 Factor Authentication?, n.d.).  This extra step adds another layer of security, making it more difficult for hackers to compromise a user’s account if they somehow obtain the user’s user name and password.
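To make the two steps concrete, here is an added example (not code from the original post or from Slack) of a login routine that first checks the password and then checks a one-time code of the kind a phone app generates.  The one-time codes follow the published HOTP/TOTP standards (RFC 4226 and RFC 6238); the account name "alice", the password, and the salt are constructed for the demo, and the shared secret is the RFC 6238 test-vector seed, so the expected codes are known.  The example also assumes the site stores a salted, slow hash of the password rather than the password itself.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo values: the salt and password are assumptions for this
# example; the base32 secret is the seed from the RFC 6238 test vectors.
DEMO_SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
DEMO_TOTP_SECRET = b"GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # "12345678901234567890" in base32


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash (PBKDF2-HMAC-SHA256) for storage instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret_b32: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of 30-second steps since the epoch."""
    return hotp(secret_b32, at // step, digits)


def verify_totp(secret_b32: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Accept the current code or one adjacent time step to tolerate clock drift.
    compare_digest keeps the comparison constant-time so timing does not leak the code."""
    counter = at // 30
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret_b32, c), submitted):
            return True
    return False


# Constructed account store: only the hash and the second-factor secret are kept.
ACCOUNTS = {
    "alice": {
        "salt": DEMO_SALT,
        "pw_hash": hash_password("correct horse battery staple", DEMO_SALT),
        "totp_secret": DEMO_TOTP_SECRET,
    }
}


def login(username: str, password: str, code: str, at: int) -> str:
    """Two-factor login: something you know (password), then something you have (the code).
    Returns a status string so the caller can see which factor failed."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return "denied: unknown user"
    if not hmac.compare_digest(hash_password(password, acct["salt"]), acct["pw_hash"]):
        return "denied: bad password"
    if not verify_totp(acct["totp_secret"], code, at):
        return "denied: bad one-time code"
    return "ok"


if __name__ == "__main__":
    # At Unix time 59 the RFC 6238 vector gives code 287082; a stolen password alone fails.
    print(login("alice", "correct horse battery staple", totp(DEMO_TOTP_SECRET, 59), 59))
    print(login("alice", "correct horse battery staple", "000000", 59))
```

The point of the last two lines is the one the paragraph makes: an attacker who has the user name and password but not the phone still gets "denied: bad one-time code", because the code changes every 30 seconds and is derived from a secret that never left the phone and the server.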

The additional security measure sounds great, right?  It does; however, that does not mean you will be able to implement two-factor authentication for every web service account you have.  Two-factor authentication is limited to web services that provide it.  I know that is some bad news, but there is some good news that comes with it.  The good news is that many of the web services you currently use may offer two-factor authentication and you just don’t know about it.  Some services that you probably use that offer two-factor authentication are: Google, Facebook, LinkedIn, and Twitter.  Do you use other web services and want to know whether they offer two-factor authentication too?  Find out by visiting the following website: https://twofactorauth.org/

References

Toth, A. (2015, March 27). March 2015 security incident and the launch of two factor authentication [Blog post]. Retrieved from Several People are Typing website: http://slackhq.com/post/114696167740/march-2015-security-incident-and-launch-of-2fa

What is 2 factor authentication? (n.d.). Retrieved March 28, 2015, from http://stopthinkconnect.org/2stepsahead/about-two-factor-authentication/
