Passwords have been used for decades. With passwords, the information and systems the password protects is only as secure as the actual password. A password like 123abc is easy to remember (which is why people use it), but it’s also easy to guess. Easy to guess or crack passwords are insecure. People also use birthdays and favorite colors for passwords. These aren’t secure passwords either. So passwords have gotten a lot of criticism.
Using fingerprints and faces to authenticate a user is a lot more secure. These methods are being used more. And there’s another way getting more popular.
The Phone in Your Pocket
Two reasons why a fingerprint is secure and easy to use are:
- It’s hard to copy
- People always have it with them
Computer scientists realized there’s another thing many people carry around that fits the same bill. When mobile phones became common, scientists figured out a way to use them like fingerprints. Since most people treat their mobile phones like their wallet or purse, they tend to be carefully guarded. People also tend to have them everywhere they go. So using them as a security device became an option.
When you set up an account at a streaming service or a bank, you may be asked to provide your mobile phone number. The bank may then send you a text message with a code. You’ll be asked to enter that code on a form to verify you own the phone. Once you do, the bank can then use that same number in the future to make sure that the person who set up the account is the one accessing it.
The bank may send you a code each time you sign in. They’ll ask for the new code in addition to your password. You now have two items of information to give them. When you provide two pieces of information, it’s called two-factor authentication (or 2FA).
Other 2FA Options
Using a mobile phone is just one way of validating you. A bank could also call a landline and ask you to press numbers to verify who you are. If you don’t have a mobile phone, companies can send you an email with a code, and you enter the code from the email.
There are also apps called “authenticators” that either generate a code or ask you to pick a number from a list to verify your identity. The app works similarly to the text message in that you have to first show that the phone that is using the app is yours. Once you verify it’s your phone, some authenticators ask if you want to approve the sign-in with a simple yes or no.
Passwords can be combined with any other method of verification (like a fingerprint). Any combination of verification methods counts as 2FA. These days though, the mobile device seems to be the most popular way. Using a code in a text message or an authenticator is very common and gives a level of security that goes well beyond passwords alone.
Leave a Reply