There have been a ton of password hacks in 2012, and you may have learned some new terms this year as a result. One big idea that was pushed to the mainstream is two-factor authentication.
So… what exactly is it? Well you should know, your brain is already using it.
How about a story? Imagine you’re back in high school. You see Sally from your biology class on the bus and want to ask her to a dance. Only problem, she has an identical twin sister, so you’ve got to be sure you’re asking the right girl. How do you (intuitively) decide if this is Sally or her sister?
1. When the girl on the bus said “Hi” to you, she used your nickname. (Something Sally KNOWS.)
2. She is wearing a red jacket, which you’ve seen Sally wear. (Something Sally HAS.)
3. She has short, curly hair. (Something Sally IS.)
Sure, it’s possible that the sister heard Sally refer to you as “Sugar,” borrowed Sally’s jacket, or cut and curled her hair. But if you check for several of the factors the odds of getting the right twin increase significantly.
Two-factor authentication works in much the same way. Proper identification is critical to security systems. Hackers are essentially trying to fool gatekeepers into believing they are you, so they can get access to your accounts. So to make it harder, two-factor authentication requires two of the following things to verify that you are really you before it will grant access to your stuff:
1. Something the user knows (password, PIN);
2. Something the user has (the device, a token); and
3. Something the user is (biometric characteristic, such as a fingerprint).
Just like with the twins, it is much easier to make a confident, positive ID when you require several factors for identification.
Password Genie has used this type of authentication from the beginning. Like most password managers we require something you know: a 4-digit passcode. But most web-based programs stop there. Password Genie also requires something you have: the device or computer. Unlike other programs that can be completely hacked from anywhere in the world via the web, we require a user to physically have the mobile device or desktop machine that Password Genie is installed on, as well as know the 4-digit passcode, to access your information. No problem for you, since the mobile device or computer is yours, but a big deterrent for hackers.
So when you’re deciding on who to trust with your passwords, be sure you are getting two-factor authentication. You can’t be going around asking out just anyone who calls you “Sugar.” Think about it.
