2 Factor Authentication – what it is and why you should use it.

Posted on: 22 February 2018
By:
No Comments »
Filed under: Uncategorized

This month our Information and IT Security officer, Graeme Wolfe, looks at 2 Factor Authentication (2FA) and wonders why so few people enable and use this valuable security feature.

2 Factor Authentication, or 2FA, is an additional security measure that requires you to use two steps to log into online accounts. 2FA operates by extending the log in process, requiring not just a basic username and password to access or log into a site. It can take the form of a code texted to your phone, a token with a changing number, a hardware token, a card reader often supplied by banks, or even a pre-printed one time code.

Two factor authentication helps to guard against online security issues when hackers steal usernames and passwords. Two factor authentication demands each user supply something they know – the password, as well as something they have – a code supplied direct to a personal phone or card reading device, meaning that if your log in / password information has been compromised, your account is still safe.

Two factor authentication has been added to most banking, email accounts and many other online outlets, but at the recent Enigma 2018 security conference in the USA, a google engineer revealed that less than 1 in 10 Gmail users have enabled 2FA to secure their accounts.

Google has spent a lot of time and money promoting its 2FA offering, or 2 Step Verification as they prefer to call it, but it appears few people use this security measure.

When they were asked why they didn’t just make it mandatory, their response was very similar to many other organisations; they find that their customers are resistant to these enhanced security measures. In fact some organisations have reduced their security measures to speed up the user experience, but this does mean a compromise on security.

So if you have any account that offers you 2FA, I suggest that you enable it, as in the long run it will help you prevent your accounts being compromised.

Graeme Wolfe

Information and IT Security Officer

19/02/2018