Thwarting Hackers With Two Factor Authentication (2FA)
With a 38% rise in phishing scams and security incidents, keeping ahead of hackers can be almost impossible. But this method is working wonders at holding off attacks.
Hacking into restricted online content has become big business. A report last December by PwC revealed a 38% rise in phishing scams and cyber security incidents during 2016. Cybercrime cost the world over $3 trillion last year alone, ranging from theft and fraud to lost custom and rebuilding costs. Perhaps most alarmingly, a chronic shortage of cyber security specialists means the industry unemployment rate presently stands at zero.
Against the Odds
In a post-Wikileaks world where mass data theft regularly makes the headlines, protecting personal information has never been more important. Yet the growing sophistication of cyber criminals makes the idea of thwarting them seem like a major logistical challenge. Fortunately, a method of identification created by Ericsson in the mid-1990s offers a mainstream solution to many phishing and data security issues.
Two Factor Authentication
Better known by the acronym 2FA, two factor authentication is becoming a commonly used tool for preventing identity fraud. It combines two unrelated pieces of security information, like the debit card and PIN code required for ATM withdrawals. Without one, the other is useless. 2FA follows a similar principle through a web portal. Rather than simply logging in with a username and password, a second stage of security might ask for random characters from a separate passcode. Alternatively, a text message confirmation request could be sent to a linked mobile phone, or external hardware like a card reader may be involved.
Inconvenient Security Measures
Some people have objected to this additional layer of security, claiming today’s plethora of usernames and passwords is difficult enough to remember without additional complications. However, if it’s difficult for us to access personal data, it’s even trickier for criminals. The randomized selection of characters on text-based 2FA logins means even a spy camera or keystroke logging won’t be of much use, since the next login will ask for different characters. Provided the two stages of verification data are stored on separate databases, hackers would need to steal two sets of data from different locations to gain access fraudulently. That’s enough to deter all but the most committed criminals.
In the Nick of Time
Some 2FA systems have added to the challenge by introducing time-limited elements. When customers of a leading online-only bank set up new payments from their desktop portals, they have to summon a six-digit security code via the banking app on a linked mobile phone. Once the account payee details have been filled in on the computer, a second mobile security code must be dynamically generated. Both codes are valid for less than 60 seconds and can’t be re-used, meaning a criminal would have to go to extreme lengths to perpetrate account fraud. And that’s apart from the use of 2048-bit encryption through the web portal.
Biometric Adventures
Airport security is already using a futuristic version of 2FA, with retinal scans accompanying passport checks. Modern smartphones offer fingerprint unlocking, and the incorporation of fingerprint recognition technology is ripe for cultivation by app developers. This would simplify the login process for many websites, with companies including LinkedIn, Dropbox, Snapchat and PayPal now adopting 2FA.
Facebook introduced 2FA last month as an option for its 1.8 billion users. 2FA plugins can easily be incorporated when developing a new WordPress website, and proprietary interfaces are readily available for non-WP site builds. The age of two factor authentication is unquestionably here – and not before time.