So, what exactly is two-step verification?
Two-step verification, also called multiple-factor or multiple-step verification, is an authentication mechanism that double-checks that your identity is legitimate.
How does two-step verification work?
When you want to sign in to your account, you are prompted to authenticate with a username and a password – that’s the first verification layer.
Two-step verification works as an extra step in the process, a second security layer, that will reconfirm your identity.
Its purpose is to make an attacker’s life harder and reduce fraud risks. If you already follow basic password security measures, two-step verification will make it more difficult for cyber criminals to breach your account.
What are the forms of authentication?
1. Something that you know – This could be a password, a PIN code or the answer to a secret question.
2. Something that you have – This is always related to a physical device, such as a token, a mobile phone, a SIM, a USB stick, a key fob, an ID card.
3. Something that you are – This is a biological factor, such as face or voice recognition, a fingerprint, DNA, handwriting or a retina scan. While many phones use this technology, it is much less common to find it in the workplace.
Why should I activate two-step verification?
Passwords on their own aren’t as infallible as we need them to be. Hackers have the power to test millions of password combinations in a second.
Did you know that 90 percent of employee passwords can be cracked in six hours?
What’s even worse, 65% of people use the same password everywhere. That would be like having a single key for both your house and your car. When this happens, a breach of one website may expose every other account that uses the same username and password combination.
Answers to security questions are also easy to find out, especially now that we willingly share all the details of our lives on social networks and blogs. Anyone who interacts with us on a daily basis can find out the answers to common security questions, such as our graduation year, the city we grew up in or our first pet’s name.
Even if you don’t give these out in your Facebook profile, some can be found through public records, available for anyone who cares to look. Others can be cracked simply by entering common names.
This is where two-step verification comes in handy. It offers you an extra layer of protection besides your username and password. It’s hard for cyber criminals to get the second authentication factor without physically coming into contact with you, which drastically reduces their chances of gaining access to your accounts.
A few examples of two-step verification methods that you are most likely already using:
- The token issued by your bank, which generates a specific code for you at a specific time – you use it with your username and password for Internet banking.
- A one-time password that you receive as a text message on your mobile phone and use when you want to log into your Google, Facebook or Twitter account.
- Similarly, a random password generated by an app like Google Authenticator or Facebook Code Generator, which you would use to log in to your email or social media account.
Typically, we would recommend using two-step verification for any information that you would not like to be publicly available. This includes:
- online banking
- online shopping (Amazon, PayPal – though it’s only available for a few countries)
- email (Gmail, Yahoo, Outlook)
- cloud storage accounts (Dropbox, Box, Sync)
- accounts on social networks (Facebook, Twitter, LinkedIn, Tumblr)
- productivity apps (Evernote, Trello)
- password managers (LastPass)
- communication apps (Slack, Skype, MailChimp)
More information about two-step verification at Laurier for staff and faculty will be available in the coming weeks.