Email this Article Email   

CHIPS Articles: Outsmart Hackers with Two-factor Authentication

Outsmart Hackers with Two-factor Authentication
By Stop.Think.Connect. Campaign - June 22, 2015
Due to the OPM data breach, CHIPS magazine continues to caution readers of the numerous scams criminal hackers use and ways to protect your identity and money.

On the Internet, a password is like the key to your house — it keeps you safe and allows access — to streaming movies and your banking information, for example. Typically, using a username and password provides access to your email, financial data, health information, photos and videos, social networking sites and other accounts.

These accounts contain a tremendous amount of personal and financial information, so you don’t want that data falling into the wrong hands. Hacked accounts lead to identity theft, drained bank accounts, credit card fraud and other cyber crimes. That's why it's important to use all the security tools at your disposal to protect yourself, such as two-factor authentication.

Two-factor authentication (also referred to as two-step or multifactor authentication or verification or 2FA) is a technical-sounding term for a simple solution. It’s a security tool that uses multiple verification techniques to prove that the person attempting to log onto an account is the real deal.

Some of these methods include:

-- Something you know: a password, code, passphrase or PIN.

-- Something you have: a physical token, chip, fob, or phone.

These methods provide an extra layer of security. Most people only have one layer — their password — to protect their account. But combining something you know (your password) with something you have (your phone, token, etc.), makes your account more secure.

What about Passwords?

Passwords aren’t the best way to secure your accounts. Passwords have been stolen in large-scale data breaches, placing millions of people at risk of identity, data or financial theft. And people don’t always follow the best practices when it comes to password security.

Some of the most popular passwords continue to be "password1" or "123456."And sometimes, people don't have a separate password for each account — which means if cybercriminals crack one password, they gain access to all of your online accounts.

In fact, according to a 2104 Pew Research Center Study, 21 percent of Internet users over the age of 18 have had an online account compromised. And if you use the same account, for example, your email, to manage other accounts, your risk of account hijacking or identity theft is increased.

The Solution

Many organizations today are beefing up their cybersecurity safeguards in response to the unrelenting attacks on their networks and user data.

From email providers and financial services to social networks and blogging platforms, new security features that can help users add another layer of security to their accounts are becoming ubiquitous. These technologies are often referred to as two-step authentication, login approvals, multi-factor authentication, and more because they add a new layer of protection by adding a second element — in addition to a password — to protect your account.

These methods provide an extra layer of security. Combining something you know (your password) with something you have (your phone, a token, fob, etc.) makes your account even more secure by requiring the second element to log in. Simply put, two-step authentication makes sure it's really you logging in, not just someone who has your password.

Google and Facebook offer two-step authentication. Try it.

For more cybersecurity tips, visit STOP. THINK. CONNECT:

Two Steps Ahead Campaign poster
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer