How two-step verification is the way forward

How two-step verification is the way forward

Written By: Piyush Bhatnagar

google_two_factor_authentication_heroTwo-step verification, or two-factor authentication is the technical term for requiring something you know and something you have when trying to log into an online account.

Take for example bank ATM machines, with a seemingly easy security system based around remembering a four-digit number. The system hardly sounds like Fort Knox, however think about it, one cannot simply gain access to the account through using the correct PIN code, they must present a physical card as well.  Before access is granted to online logins, websites should take note from the ATM system and ask for two separate forms of verification.

The question is, after the password is supplied, what should the second form of identification be? This could be a code that arrives in a text message to your mobile phone, as it would be difficult for a thief to acquire both your password and your mobile telephone at the same time. If this system, which uses passwords and smartphones in conjunction, were to be used on all limited-access websites then users would be able to use shorter and less complex passwords. Jackpot! No more 12-character upper, lower, symbols and hyphenated passwords would be necessary.

In Nick Berry’s analyses of large databases of hacked passwords to various websites, it was revealed that 3.4 million people use a password that is made up of nothing but 4 digits. Using a PIN code comprised of your birthdate, as a bank user, does not put your account in jeopardy.  The thief would have to guess the PIN code correctly within the first few tries before the system kicks into action and blocks the account. Online however, it is more of a risky business. Using a four-digit password, without a second form of verification, is just about the worst conceivable password out there.

Jeff Atwood, software developer and Co-founder of Stack Overflow, has acknowledged the suggested laborious nature of two-step verification. In a blog, he writes, “Is inconvenient in the same way that bank vaults and door locks are. The upside is that once you enable this, your e-mail becomes extremely secure.” Atwood suggests that ATM designers were onto something, a sense of legitimate security does not derive from a long and complex master password, it derives from two-step verification.

Be even more secure. Download Strong Pass now

About the Author

Piyush Bhatnagar

Piyush is the Chief Technology Officer and Founder at Authomate. Piyush founded the company in 2012 to simplify online security and bring strong authentication to every aspect of life without any added complexity. His responsibilities as CTO include leading innovation, developing product vision and product development.

Piyush is a seasoned technology executive, entrepreneur and consultant with experience in technology development and management. During his 25 year career prior to starting Authomate, he worked for defense, information technology, and network security companies, where he built an extensive resume managing global software teams and executing product strategy.

View all posts by Piyush Bhatnagar

Leave a Reply