Irrespective of how hard you may personally resist it, evolution keeps on – well, evolving! Call it innovation, research and development or just the desire to make things better, evolution in all aspects of technology is happening right now.
Security continues to evolve. Take the security of your car for example. My first little car had a key, that you popped in the door, turned it and a little peg like structure popped up so you could get in. Once in the drivers seat I’d have to lean over to the passengers side, pull up the corresponding peg and let in the passenger! – remember? It was not the most secure of locks, as a well placed screwdriver, coat hanger, or other applied mechanical device could circumvent it quite easily. Then along came central locking, pop the key in turn it and all the doors opened. Then before I knew it I had remote central locking, press a button on the key fob and the doors unlocked. Now we have keyless entry and I’m sure the evolution of car security will continue to evolve.
For a few years now there has been an evolution on IT security, that even though it’s free and readily available to most of us, very few are using it. Most people are still on ‘the keys in the locks and watch the peg pop up approach’, by using a single password – that in so many cases is still ‘password’ or ‘abc123’. However, with the continuing rise in cyber crime it may be time to implement ‘two step authentication’ or ‘two factor authentication’ as it is also referred to. Before you come out in a cold sweat thinking that you need to remember more passwords – you don’t!
The first time I can remember seeing a good example two factor authentication was in a Bond movie. In the scene there were two Royal Navy officers and they each had a key, the key had to be inserted into a ‘state of the art’ console on a spy ship and turned at the same time, by two separate people, in order to operate some super secret spying device that passed an uncanny resemblance to the current crop of smart toys for kids from Fisher Price. They keys were never kept together and two individuals had responsibility for them. The locks that they had to turn were also far enough apart so that the entire task couldn’t be completed by one person. You had to have both bits of information at the same time in the same place in order to make it work.
So how does this translate onto your desktop? Well chances are that most of the companies that you rely on already offer two factor authentication – Apple, Microsoft, Google, DropBox, Evernote etc…but how does it work? To put it succinctly the two steps rely on two pieces of information : first is something you know (a password), the second is something you have (your phone)! You set up a password in the usual manner, following guidance for strong passwords, then you set up your mobile phone as a trusted device. Then the next time you log into a service you use, you will be promoted to type in a code – a code that is sent to your mobile phone. This code has a shelf life of a couple of hours (if that) and is different each and every time you log in. This means that even if your password is compromised, the criminal would also need your mobile phone, its access pin and to see the message containing the code from the software or cloud service vendors. What are the chances of a thief going to those lengths, just so they can see how overdrawn you are in your current account?
Two factor authentication has often been used by banks, especially on business accounts, where they provide the user with a little code generator. Chip and pin is also a form of two factor authentication. So most people are using it already – but it has just not evolved over from their physical world use, into their virtual world use.
As cyber crime in both professional and personal life continues to grow, now would be a very good time to implement two factor authentication – especially as it’s free! Now I’m not going to tell you that it’s perfect, no security is, but if your information is harder to access then somebody else’s then then criminals will just move on. That’s evolution for you.