In two previous posts, we discussed the necessity of passwords and some of the problems associated with them. As mentioned in those articles, passwords are a needed defense against those who would attempt to steal or damage our electronic information. With the increased likelihood of passwords being compromised, there is yet another approach, which I will discuss here and expand on over the remainder of this academic year, that provides the best protection we have against unwanted attacks against our information systems: two-factor authentication (2FA).
Two-factor authentication uses a second method to verify a logon. When you open an application in your web browser, you typically supply a username and password. That is referred to as single-factor authentication because it relies on one method for gaining access to your account: a username and password. If we add one more step in the process before allowing access to your account, that is two-factor authentication, because you have to supply two things to gain access to your account.
The implementation of 2FA involves “something you know” and “something you have” for access. When you visit an ATM, one authentication factor is the physical ATM card (“something you have”). The second factor is your PIN (“something you know”). Many of you already use modern two-factor authentication for other websites, such as your bank. When you log into a 2FA-protected website with your username and password (“something you know”), you receive a text message or a phone call on your cellular device (“something you have”) that requires your interaction before you can successfully log into the website.
In the coming months, we will begin the process of adding 2FA to some of our institutional applications. Keep an eye on these posts for more information.