What Exactly Is Two-Factor Authorization?

What Is Two-Factor Authorization?

Two-factor authorization. Most of us think we know what it is, but a recent news event brought something alarming to my attention: even huge companies misunderstand what two-factor authorization means, and your personal information could end up at risk because of this.

Let’s start with this recent report: United Airlines changed its security protocols.

Originally, the account holder only needed a username and password. Years ago, that was enough. But, in today’s world, simply displaying a username and password is not sufficient for keeping you protected.

Changes have been made to the security structure of United Airlines’ accounts. Instead of just typing in your password and username, they have now integrated two additional security questions for you to answer. Sounds great, right? Well, maybe not so much.

Answering two security questions, in addition to your password and username, is nothing new. Many people do this on a daily basis. A couple examples of these security questions include: “What elementary school did you attend?” and “What was the name of your first pet?”. While these do offer another layer of security, some are up in arms over how small the security blanket really is with these types of questions. Not only that, but United Airlines is claiming these additional security questions are a form of “two-factor authorization.” In reality, they aren’t even close.

What Is Two-factor Authorization?

Two-factor authorization is a much more stable and secure form of protection for people. At the heart of two-factor authorization is the mantra Jon Evans puts forth on TechCrunch (post cited above): “Something you know, something you have.” A third factor (“something you are”) may also be used in conjunction with the first two. “Something you know” is anything from a PIN to a password or even a pattern of some kind. Most people are used to putting in a PIN when they use their credit or debit card to buy gas, for example.

The second factor is “something you have.” This is a physical factor. Most of the time, the physical factor takes the form of a card. Sticking with the gas example, swiping your card at the reader acts as the physical factor. In other instances, you may be given a physical token for one-time use. Either way, a physical factor is in play.

Something you are” is bit more advanced. If you’ve ever used a fingerprint scanner to get into work (along with a card), you’ve experienced two-factor authorization. Along with your fingerprints, your voice is also a form of “something you are.” Both forms are becoming ever more present in the digital world and are key to keeping you safe.

Now you know what two-factor authorization is. But how does it help you? And why is it important? Let’s take a look at the pros and cons of the two security questions and two-factor authorization.

The Difference

A pro for the basic security questions is that it does offer an extra layer of protection to your account. However, that’s really where the pros end. And that’s not good.

A pro of the two-factor authorization method is simple: physicality. Hackers have an extremely difficult time breaking into an account that’s using two-factor authorization. Why? Because they actually need either your physical card (token) or a recording of your voice or a copy of your fingerprint. Essentially, the hacker needs to meet you, physically, and steal your belongings, to hack into your account.

Looking at the cons, the two-factor authorization method really doesn’t have any. However, the cons for the basic security questions are obvious. Not only can hackers successfully hack your account over the computer using these security questions, but the questions themselves pose a problem.

People tend to choose the first two questions to answer. They rarely look at the list and pick two meaningful questions. Thus, hackers have a much easier chance of guessing your answers.

It’s All Up to You Now

In the world of cyber security, two-factor authorization is the way to go. With a physical component attached to it, this method is a much safer choice for your business. If you have any accounts that do not use two-factor authorization, make sure you answer security questions that appear further down the list. According to a senior writer at CNET, the best way to create a safe and secure password is to pick four random words. This will give you a leg up on the criminals.

With the advent of two-factor authorization, hacking should be more difficult. Only time will tell.

By Kayla Matthews

Or Lenchner

Using an IPPN to fight ad fraud: your questions, answered

Using an IPPN to fight ad fraud It’s a well-known fact: the internet is a marketer’s dream, offering brands the chance to engage with consumers on a one-to-one basis, on a huge scale. Ads can ...
Juan Pablo Perez Etchegoyen

69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security matters According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These migrations are massively complex and take meticulous planning to ensure ...
Virtana

Episode 8: Managing Cloud Strategy During the Chaos of 2020, Plus an Outlook for 2021

An Interview with Kash Shaikh, CEO of Virtana Companies are wrestling with the idea of moving to the cloud, staying on-prem or finding a hybrid solution. Kash Shaikh, the new CEO of Virtana, looks at ...
Tech

What is the Difference Between a VPS and a Cloud VPS?

VPS or Cloud VPS? While researching this article it became very apparent that there is a lot of confusion about the differences between VPS Hosting and a Cloud VPS. They are both Virtual Private Servers, ...
Google Prog

Working with security researchers to make the web safer for everyone

Working with security researchers What do a 19-year-old researcher from Uruguay, a restaurant owner from Cluj, Romania and a Cambridge professor have in common? They’re all security researchers—a global community of professionals, academics, students and ...
Kokumai

History, Current Status and Future Scenarios of Expanded Password System

Future Scenarios of Expanded Password System Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. What would happen, then, if the password is removed from our ...