Two-Factor Authentication – The Good, The Bad, and The Questionable

Two-Factor Authentication simply means verification by two methods. One-Factor Authentication simply means you enter your user-id and password to log in. Two-Factor usually means that once you enter your user-id and password, a one-time (one-usage) code or pin is sent to you either by email or by phone. Then you have to enter that code as part of your log in procedure.

Enhanced One-Factor Authentication

The problem with One-Factor is that people tend to use the same user-id and password everywhere they log in. They also tend to use something easy to remember for their user-id and password. Thus, if somebody gets your user-id and password for one website, they have it for all websites. You can limit that by using separate passwords for each site, but that gets tedious.

Now, most log-ins require you to use a combination of uppercase and/or lowercase letters, numbers, and special characters like @ or # in your password. These are harder to guess. Even harder to guess are password phrases like "My cat has green eyes with black pupils." Those are also harder to remember.
Some sites do not allow you to use your email address as your user-id. Some sites do not allow you to use any part of your name as your user-id. Others make you include numbers in your user-id.

Enhanced One-Factor Authentication may make you input three things to log in. It may make you answer security questions (unless you check that the device you’re using to log in is your own private device). Inputting three things to log in is good.
Another form of Enhanced One-Factor Authentication tries to prevent your device from becoming infected with a virus, especially one which would compromise your log-ins. This may be in the form of you choosing a picture from a list. This picture is displayed when you log in. This assures you that you’re on the correct website. Some bank websites ask you to download and install IBM Security Trusteer Rapport. This is an added layer of security for your computer. I did that at one point, but it slowed my computer way down. I have plenty of security on my computer without it. Many clients that I work for insist that the computer I use to work for them has a virus protection program of their choosing.
Also, you may need to verify that you’re human and not a robot. You do this by entering some barely legible letters and numbers which are shown on the screen. Alternatively, you select pictures of a certain type, such as those which contain a street sign.

Two-Factor Authentication

Two-Factor Authentication sends you a one-time code or pin to enter as part of your log-in. This code is sent to your phone as a text message, or the sending computer can call your phone and read you that code, or you’ll receive that code in an email. Two-Factor works well even though it is one more step for you. You also have your choice of how you want to receive that code.
Two-Factor may also come in the form of your device staying in sync with the website’s computer. In this case, you install a tokenizing app on your device. The website’s computer generates a random number. If your device’s tokenizing app is in sync, it has the same random number at the same time. Don’t ask me how this works. This form of Two-Factor is enhanced Two-Factor because your device also has to know a pre-agreed-upon pin.
The problem with Two-Factor is that hackers may be able to steal your phone number or email address. Then they can intercept that code and log in as you. So, don’t plaster your phone number and email address all over the place, at least not the one you’re using for verification.

Three-Factor Authentication

And here’s where it gets questionable. I recently logged in to my Trusted Traveler Program (TSA). But now, your log-in information is verified by a different website where you have to have a log-in.
This is ridiculous because just one year ago, the log-in website changed and I had to set up my log-in info again.
This new website required Three-Factor Authentication. In addition to my log-in info and my Two-Factor Authentication, I had to choose a third way to verify that I was who I said I was. The first choice made the most sense to me. That meant installing an app which would receive the code. I reasoned that if somebody stole my phone, they would have that app. So I installed it on my laptop instead. There were two choices for that app. The first cost $6/month. The other was free. Now I just have to remember what that app was and make sure it’s running the next time I need to log in to that site. Also, that app was not easy to use. The help information was different from the actual screen.

Patterns, Biometrics, etc.

Some devices allow you to log in using a pattern or biometrics – fingerprint or iris print. I recently set up a new laptop for somebody else. Windows preferred that a pin be entered, rather than a password. This other person preferred using a password. So I figured out how to change their setup, so that they could do so.

Cellphones usually allow you to enter a pattern to log in. You can make it harder to log in to your phone by adding a second lock (log in) screen. If you want to do this, I suggest using Microsoft’s Next Lock Screen as your first log in screen and your phone’s as your second.

Some devices and kiosks allow you to use Biometrics to log in. This may be in addition to your log in information, though usually it isn’t. Some require both fingerprints and iris scans, but most only require one or the other.
There are problems with this. You may not have fingerprints. We’ve all seen spy films where fingerprints were lifted with scotch tape. And most of us have seen the movie where they stole the President’s eyeball.
Other types of Biometrics include voice recognition and face recognition. In the future you may encounter vein recognition, hand geometry authentication, and DNA recognition. Those are currently being used in limited situations.
