What Exactly Is Two-Factor Authorization?

What Is Two-Factor Authorization?

Two-factor authorization. Most of us think we know what it is, but a recent news event brought something alarming to my attention: even huge companies misunderstand what two-factor authorization means, and your personal information could end up at risk because of this.

Let’s start with this recent report: United Airlines changed its security protocols.

Originally, the account holder only needed a username and password. Years ago, that was enough. But, in today’s world, simply displaying a username and password is not sufficient for keeping you protected.

Changes have been made to the security structure of United Airlines’ accounts. Instead of just typing in your password and username, they have now integrated two additional security questions for you to answer. Sounds great, right? Well, maybe not so much.

Answering two security questions, in addition to your password and username, is nothing new. Many people do this on a daily basis. A couple examples of these security questions include: “What elementary school did you attend?” and “What was the name of your first pet?”. While these do offer another layer of security, some are up in arms over how small the security blanket really is with these types of questions. Not only that, but United Airlines is claiming these additional security questions are a form of “two-factor authorization.” In reality, they aren’t even close.

What Is Two-factor Authorization?

Two-factor authorization is a much more stable and secure form of protection for people. At the heart of two-factor authorization is the mantra Jon Evans puts forth on TechCrunch (post cited above): “Something you know, something you have.” A third factor (“something you are”) may also be used in conjunction with the first two. “Something you know” is anything from a PIN to a password or even a pattern of some kind. Most people are used to putting in a PIN when they use their credit or debit card to buy gas, for example.

The second factor is “something you have.” This is a physical factor. Most of the time, the physical factor takes the form of a card. Sticking with the gas example, swiping your card at the reader acts as the physical factor. In other instances, you may be given a physical token for one-time use. Either way, a physical factor is in play.

Something you are” is bit more advanced. If you’ve ever used a fingerprint scanner to get into work (along with a card), you’ve experienced two-factor authorization. Along with your fingerprints, your voice is also a form of “something you are.” Both forms are becoming ever more present in the digital world and are key to keeping you safe.

Now you know what two-factor authorization is. But how does it help you? And why is it important? Let’s take a look at the pros and cons of the two security questions and two-factor authorization.

The Difference

A pro for the basic security questions is that it does offer an extra layer of protection to your account. However, that’s really where the pros end. And that’s not good.

A pro of the two-factor authorization method is simple: physicality. Hackers have an extremely difficult time breaking into an account that’s using two-factor authorization. Why? Because they actually need either your physical card (token) or a recording of your voice or a copy of your fingerprint. Essentially, the hacker needs to meet you, physically, and steal your belongings, to hack into your account.

Looking at the cons, the two-factor authorization method really doesn’t have any. However, the cons for the basic security questions are obvious. Not only can hackers successfully hack your account over the computer using these security questions, but the questions themselves pose a problem.

People tend to choose the first two questions to answer. They rarely look at the list and pick two meaningful questions. Thus, hackers have a much easier chance of guessing your answers.

It’s All Up to You Now

In the world of cyber security, two-factor authorization is the way to go. With a physical component attached to it, this method is a much safer choice for your business. If you have any accounts that do not use two-factor authorization, make sure you answer security questions that appear further down the list. According to a senior writer at CNET, the best way to create a safe and secure password is to pick four random words. This will give you a leg up on the criminals.

With the advent of two-factor authorization, hacking should be more difficult. Only time will tell.

By Kayla Matthews

Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Yuliya Melnik
Heroku or AWS Cloud infrastructures are gradually starting to penetrate into an increasing number of areas and various businesses. And this is not surprising because such a ploy allows you to improve internal processes, protect ...
Gilad David Maayan
Azure Storage Pricing Introduction to Azure Storage Services Azure Storage is a set of cloud storage services provided by Microsoft as part of the Azure public cloud. It offers highly scalable object storage, file systems ...
MIT
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.