When we’re surfing the World Wide Web, it is quite common to need a password or some other method of identification to provide access to certain features of sites, such as those associated with shopping or banking etc.
A question we’re often asked is how safe is my password, and how secure is my account. Whilst there are plenty of recommendations regarding password length and complexity, what is now being regarded as more important, is the number of security ‘factors’ that you need to provide to be secure.
There are generally regarded to be three security factors:
- Something you know.
- Something you have.
- Something you are.
Something you know – This is by far and away the most commonly used of the security actors, and relies on the person requiring authentication to provide some sort of information that (in theory) only they know. Commonly this is a password, but could also be a PIN number, or a piece of memorable information such as a birthday etc.
Something you have – This often requires the person requiring authentication to provide some form of physical evidence of their identity, such as a passport, drivers license, access card, security pass etc.
Something you are – This is a relatively new branch of authentication, and mainly involves the use of biometrics such as a fingerprint, retina scan, voice print identification etc.
Whilst all these factors when used properly and carefully on their own, provide reasonable security, just using one isn’t as safe as using multi-factor authentication as once it’s cracked all security is gone, e.g. someone can guess your password or find it using a keylogger, you could lose your security pass, and even have your finger prints copied using something as simple as sticky tape and talcum powder.
By forcing users to use more than one factor to authenticate, there is much less chance of the wrong person being able to gain un-authorised access to systems.
Currently many sites still only use a single (something you know) factor, normally a password as this is the easiest and cheapest to implement. But with online fraud becoming increasingly common, many companies are turning to adding ‘Something you have’ authentication to their systems. For example PayPal has a credit card sized device that provides a unique code for you to enter at login, and some banks are now even offering customers card readers to use at home so they can use their debit or credit card as a means of authentication.
The area of biometrics is likely to take a while to take off as the hardware will need to become more readily available, although many laptops are now being sold with fingerprint readers built in, so it’s only a matter of time.
Of course, all these measures don’t just apply to the virtual world of the internet, they can and are already being applied in the real world. One of the most common two factor authentications most people see is when they use their card at an ATM. This is two factor authentication as it relies on ‘something you have’ (the card) and something you know (the PIN number). Also there are plenty of high security buildings that will rely on all three factors. An access card of some type (something you have), a PIN number entry (something you know) and a fingerprint scan (something you are).
So remember, next time you have to go through the hassle of providing extra info for an additional layer of security authentication, it’s really in your best interests to do so, and if you are offered the chance to use more than one method of authentication please choose it – it’s in your own best interests!