No matter how “great” or “strong” your password, it can be broken, hijacked, or bypassed. Perhaps the most common method to usurp your password is by breaching the user database of a major vendor. For example, recent attacks include:
- Audi: 2.7 million accounts
- Guntrader: 112,000 accounts
- University of California: 547,000 accounts
Once a major site has been breached, the criminal gains access to all of the user accounts and passwords. If the passwords are strongly encrypted, it is simply a matter of time before automated cracking software resolves that bump in the road. More typically, however, is the passwords were either not encrypted at all, or used weak encryption that can be quickly and easily broken.
Given there are currently over 11 BILLION hacked accounts sitting on the dark web waiting for criminals to scoop them up, what can you and I do?
This is where two-factor authentication (2FA) (also called multi-factor authentication) rides in to rescue the day.
With 2FA in place, even if the criminal gains access to your password, they still need the second authentication factor in order to access your account – and only you have it!
What Is Two-Factor Authentication
2FA is just a second way that you can provide proof you are authenticated to access an account. The first way is knowing the password.
The second method can be:
- Knowing a one-time-use code that is sent to your email.
- Knowing a one-time-use code that is sent to your smartphone via text or voice.
- Knowing a one-time use code that is randomly generated every 30 seconds via software or a hardware key.
- Knowing a one-time use code that was given to you when you registered for 2FA on the site.
Best Practices currently recommends against codes sent to your smartphone, as they are easily intercepted.