No, we’re not talking about the dance; we’re talking about authentication! Much like the dance, two-step authentication is something that everyone should know how to do. Wikipedia defines two-step or two-factor authentication as “a method of confirming a user’s claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.”
So what does all this mumbo-jumbo mean? It means that in order to access your account, you would need to meet at least two requirements – something you know (your username and password), and something you have (a generated code from your mobile device). This is not a new concept by any means. Think of getting cash from an ATM. Not only do you need to have your ATM card (something you have), but you also have to know your PIN (something you know).
In most cases, the two-factor authentication process works something like this:
Enter Username & Password > Random Code Sent to your Mobile Device > Enter Random Code
This means that would-be hackers would not only have to know your username and password, but they would also have to be physically in possession of your mobile device before they could gain access to your account. To make the legitimate user experience more convenient, you are sometimes offered the option to “Remember this device for XX days.” This will allow you to continue to log in from that specific device using only username and password. Login attempts from any new devices would still be prompted for the second step of authentication.
Obviously, working in the IT field, we have credentials to a number of accounts, most of which have elevated access. Properly securing these accounts with two-factor authentication is paramount to the security and integrity of our operation. To make this process easier, many of us use an app to manage the random code generation (rather than waiting for an SMS text message). My tool of choice has been Google Authenticator. The video below does a great job of summarizing two-factor authentication as well as the Google Authenticator app.
Curious if a particular website or application supports two-factor authentication? Check out twofactorauth.org.