used with permission from Norton by Symantec
The significance of employing secure passwords is more important than ever. Hackers are hungry for passwords, as they have substantial monetary value. Stories are constantly developing in the media about high profile data breaches and password leaks, leaving thousands of accounts vulnerable to being accessed by cybercriminals. With two-factor authentication (2FA), you get an extra layer of security that hackers can’t easily access, because the criminal needs more than just the username and password credentials. You’re actually using it already and you may not be aware of it. Your ATM card is a 2FA method, via your physical card and your pin number.
What is used for 2FA?
2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password.
- Something you know – a pin number, password or pattern.
- Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
- Something you are – Biometric authentication such as a voiceprint or fingerprint.
How “Hack-proof” is 2FA?
While nothing is 100% secure, your account can still be vulnerable via hacking through password recovery options. Lost password recovery usually resets your password via email, and it can completely bypass 2FA. This can leave you vulnerable if the attacker has gained access to your email account associated with the account you use 2FA with. Be sure to monitor your email account for messages requesting password changes.
There are some extra measures of password security that you can take, in addition to 2FA:
- Do not use the same passwords across multiple accounts.
- Make sure your user passwords are at minimum eight characters long and be sure to use a unique combination of uppercase and lowercase letters, symbols and numbers.
- Don’t use words, birthdates, addresses or phone numbers in your passwords. These are things that can easily be found out about you on the Internet.
While not all websites offer 2FA you can check twofactorauth.org to see what services employ it.