It is incredible that we are in 2018 and I still come across so many accomplished businessmen and entrepreneurs who are not aware of two-factor authorization.
So what is two-factor authorization? In short, it is the simplest way that you can enable multi-factor authorization on a device.
Typical Login Procedures
When you normally log into an account, such as an email address, bank account, network or business email, you are simply asked to enter in your username and password. If you are using a familiar device, your username is usually present on the browser. You just enter the password and you are logged in.
The issue with this procedure is that if you have your password hacked, you may be compromised. All someone needs is your password and they have access to your account. It is that simple.
How Two-Factor Changes the Process
With two-factor authorization, you need more than a password. Each time you attempt to enter your password to log into an account, you are prompted to enter a code so that verification can be completed.
The purpose of the code is so that it can be determined that it is really you who is attempting to log into the account – not someone who just got access to your password.
For instance, you may be sent a code to your phone that you have to enter into the screen. The code is sent to you through a text message. Codes are also emailed. This process ensures that you are entering your code and password each time you need to log in.
Different Two-Factor Strategies
Depending on the account, the strategy for two-factor authorization may differ. For instance, I have a bank that asks me for a code each time I login from an unknown device. But if I am using my regular phone or laptop, I just enter my password and I am in.
And it does not have to be a code that is sent to you. Some institutions will have you setup a password and pin. When you are logging in, you must enter both. So someone would have to hack your password AND pin if they want to get into your account.
Using Physical Keys
A very impressive method for two-factor authorization is a physical key. It is what we are seeing many companies and small businesses adopt in the past year. If you are considering adding another layer of security for logins, we believe that a physical key is the right move for you.
The physical key is given to each employee who has access to the network. The key is either inserted into the device they are using to access the network – or it generates a code on the spot.
For instance, you have remote workers who need to log into the company network. But you are worried about security. The employee must enter their username and password. Then it is time for the second factor.
They will either plug the key into the device and it will authenticate them. Or they will enter the generated code on the web page. Since the code is only viewable by the person who has the key, someone would need to get the username, password and the key itself to get into the network.