Almost Secure Blog

Two-Factor Security: Double the Authorization, Double the Fun

At long last, 2018 feels like the year two-factor is leaving the world of paranoid security professionals (hi!) and entering the mainstream. Everyone from your email provider to your bank has nagged you to turn on this feature - but why? Unfortunately, passwords can only do so much to protect our data. It's time to give them a little help.

So what are these factors you keep mentioning?

  • Something you know
  • Something you have
  • Something you are

Something You Know
This is your poor little password that's been doing the heavy lifting all these years. It's also the PIN you might use on your phone. Basically, it's a word or series of numbers that you need to memorize to input into a system.

Something You Have
For our purposes, something you have is almost always a cell phone. When setting up two-factor, you verify a phone on your account. That phone can then be used to receive texts to confirm your identity when you log into an account. Something you have can also be a fob or an ID card with a chip.

Something You Are
Here, we get a little fancier. Something you are is asking you for biometric ID. It's the fingerprint scanner on your smartphone (or the facial recognition if you have a newer phone). It could also be a retina scan used to access a building. This factor is used less often than the other two, simply because it's more expensive.

So how does this work?
I have good news for you - anyone with a debit card is already using two-factor. To buy something with your card at a store, you have to insert your card (something you have), and type in your PIN (something you know). If someone steals your debit card, they can't go on a shopping spree because they don't know your PIN. If someone knows your PIN, they still can't do anything because they need your card. To rob you, they need both!

The same basic concept applies when you add two-factor to your bank login, for example. In general, you will enter your password (something you know!), and the bank will send a text to your phone (something you have!) to confirm that it's really you. The text will contain a one-time-use code that the bank will ask you to type in addition to your password. Takes 30 extra seconds of your time, keeps your money much safer. And that's worth 30 seconds, don't you think?
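For the curious, here is the password-then-texted-code login described above, sketched in Python as an added example (it is not from the original post or from any real bank's code). The class name, the five-minute code lifetime and the five-guess limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code
MAX_ATTEMPTS = 5         # assumed limit on wrong guesses per code


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class TwoFactorLogin:
    """Hypothetical bank login: password first, then a texted one-time code."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.password_hash = hash_password(password, self.salt)
        self.pending = None  # (code, expiry time, wrong guesses so far)

    def check_password(self, password: str, now: float):
        """Factor 1 (something you know). Returns the code to text, or None."""
        candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.password_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self.pending = (code, now + CODE_TTL_SECONDS, 0)
        return code  # a real system hands this to its SMS provider

    def check_code(self, submitted: str, now: float) -> bool:
        """Factor 2 (something you have). True only for a fresh, correct code."""
        if self.pending is None:
            return False  # no password step yet, or code already used
        code, expires, wrong = self.pending
        if now > expires or wrong >= MAX_ATTEMPTS:
            self.pending = None
            return False
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self.pending = None  # one-time use: a replayed code fails
            return True
        self.pending = (code, expires, wrong + 1)
        return False
```

Notice that a code only exists after the right password was entered, and that it stops working once it is used, expires, or is guessed wrong too many times.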

As always, if you have questions or want more info, send us a message.

About reggie

Security specialist who loves falling down arcane Wikipedia rabbit-holes. CISSP and a Master's in Information Technology with a concentration in security. She tells herself that she is done with school.