Tesco Tech Support Blog

What is two-factor security?

A report out this week by internet security firm Trustwave makes for interesting reading.

According to its survey of more than three million online passwords, we’re still pretty stupid when it comes to protecting our most vaulable data.

Two-factor security

Don't let someone into your private accounts by using weak passwords

A full list of all the passwords they checked out were classified as ‘easy to guess’ – the kind of simple word or date combinations that take a seasoned cracker minutes to work out.

The most popular password on its list? ‘password1′. Still. You’d have thought, after all this time, we’d know better.

Weak passwords are the best way to let someone into your email accounts, for example, and any service that you may have signed up for an left your credit card details with.

Since it looks increasingly likely that we’ll never change this kind of behaviour – setting weak passwords – it’s time to try something new.

Two-factor security.

This is the technical term for a type of login that requires both a username and password and evidence that you’re carrying some sort of unique physical device before it will accept that you are who you say you are.

The best example of this are the card readers and ‘one time password’ generators that banks send out for online access these days – someone can only break into your account if they have your login details (fairly easy to obtain) and your code generator (very tricky to get hold of unnoticed). The password, stored in your head, is factor one while the plastic code generator is factor two.

Thanks to an increasing number of security breaches, more and more companies are embracing two-factor security. Google has it for Gmail, Dropbox has it for online storage and World of Warcraft has it for online gaming. Twitter is about to introduce it and it probably won’t be long until Facebook does too.

All of these well known services are a little bit more clever than your bank too. Instead of mailing out a code generator, they work using mobile applications for your smartphone which fulfil the same roll. If your phone gets stolen, you can remove it from your account and link a new one. Brilliant.

Hopefully, the time will come when every online service requires two-factor authentication. It’s increasingly popular overseas – in Singapore the government is looking at issuing its own cards for online providers to use, and in places like South Africa one time passwords are delivered by text message for almost everything.

Until it becomes common here, though, make sure your password is safe.

You might also like to read: