On February 9, 2016, President Barack Obama issued a statement supporting the STOP. THINK. CONNECT. initiative and asked “Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts.” In other words, he’s asking for two things. First, people should use two-step authentication when it’s available. Second, more companies and services with websites should implement two-step authentication. So, if two-step authentication is so good, why are Google and Yahoo! taking steps to allow users to sign in without a password altogether?
Onesies vs. Twosies
In October 2015, I described the basics of two-step authentication. The major advantage of this process is simple. It relies on a physical device you have in your possession to authenticate logins from new devices. For instance, if you’ve set up two-step authentication and someone tries to log in from a different computer, you will receive a notification on your smartphone. This type of security is far superior to a single password, but even this has its weaknesses.
Let’s promote the two step
Laziness is one of the biggest problems with security. That’s right, we consumers are lazy. We don’t want to think up complex passwords. We don’t want to change them all the time. And, we don’t want to make them unique. I’m no different. I’d rather spend my time doing something I enjoy than frying my brain while building a massive spreadsheet to keep track of all those stupid passwords. And now the president wants me to complicate my life with two-step authentication? Well, yes, and there’s good reason for it.
The problem with cybersecurity isn’t me, it’s the other guy. It’s the hacker who wants access to my accounts. With two-step authentication enabled, when the hacker tries to log in, my phone receives a code. It’s only when that code is entered on the hacker’s computer that he gains access. Since I’m not likely to email him the code, I’m safe.
The no-password password
So, why then have Google and Yahoo! been developing forms of security that allow users to log in without a password? This advanced “one-factor authentication” allows users to sign in with only their email address if they authenticate their access by responding on their smartphone. Yahoo! is calling their service “Account Key” and it’s currently available on their smartphone app. Google’s efforts are still being tested with a small group of users. Either way, look for these two giants to take us toward a future in which you access a website on one device and authenticate yourself on a second.
Should you implement two-step authentication?
The short answer is, yes. True, it can be kind of a pain to set up. But with two-step authentication, you only have to authenticate your device one time. After that, the sign-in process is identical to what you used before. There will probably be a lot of buzz about this process during the next year. Have you implemented two-step authentication yet? Are you ready to give it a try?