Authentication is the act of confirming the identity of a person. On most computers, this involves logging in with a user ID and a password. The weakness in this system is that passwords can often be stolen, accidentally revealed, or forgotten. For this reason, Internet-based transactions require a stricter authentication process.
Two-factor authentication is an authentication mechanism that requires more than one piece of evidence to authenticate a user. Typically, the two components of two-factor authentication are "something you know" and "something you have".
A password or personal question provides the "something you know" component. The "something you have" component can be provided by a small token card or your cell phone. To complete the authentication process, you must enter the information sent to the token. The information displayed changes frequently and expires within a short period of time (usually 60 to 90 seconds).
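The check described above, as an added example that is not part of the original article: a server verifies the password ("something you know") together with a time-limited code from the token ("something you have"), and rejects codes that are wrong, expired, or already used. The article names no algorithm; this assumes the HMAC-based one-time code construction of RFC 4226/6238 with a 60-second step, and every name, secret and timestamp in it is constructed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # how often the code changes (the article's lower bound)
DIGITS = 6         # assumed code length

def code_for(secret: bytes, counter: int) -> str:
    """One-time code for a time-step counter (RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: requires both factors and refuses stale or reused codes."""
    def __init__(self, secret: bytes, password_hash: bytes, salt: bytes):
        self.secret, self.password_hash, self.salt = secret, password_hash, salt
        self.last_counter = -1  # last time step that produced a successful login

    def login(self, password: str, code: str, now: float) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        knows = hmac.compare_digest(candidate, self.password_hash)
        counter = int(now // STEP_SECONDS)
        expected = code_for(self.secret, counter)
        has = hmac.compare_digest(expected.encode(), code.encode())
        # Both factors must pass, and each time step may be used only once.
        if not (knows and has) or counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True

def scenario() -> dict:
    # Constructed sample data: salt, token seed, password and clock value.
    salt, secret = b"constructed-salt", b"constructed-token-seed"
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    v = Verifier(secret, pw_hash, salt)
    t = 1_000_000.0
    code = code_for(secret, int(t // STEP_SECONDS))
    wrong = str((int(code) + 1) % 10 ** DIGITS).zfill(DIGITS)
    return {
        "password_only": v.login("correct horse", wrong, t),
        "code_only": v.login("guess", code, t),
        "both_factors": v.login("correct horse", code, t),
        "replayed_code": v.login("correct horse", code, t + 1),
        "expired_code": v.login("correct horse", code, t + STEP_SECONDS),
    }
```
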
Two-factor authentication could drastically reduce the incidence of online fraud, because the victim's password would no longer be enough to give a thief access to their information. However, it is not foolproof. While it increases the amount of work that an attacker has to do, hopefully until there is no longer an economic incentive to continue, computer users still need to:
- Be aware of phishing attacks and how to avoid them
- Install and use anti-virus and anti-spyware software
- Only install software obtained from trusted sources
James Bell