ItsGeekToMe.co

Q: I keep hearing the term “two factor authentication” and how important it is to security.  Can you tell me about it, where I can get it, and how do I set it up?

– Gen R.
Fort Walton Beach, Florida

A: My, what a good-looking question, Gen!  With the latest round of malware running around the globe, security issues are on my mind this week, and what you’re asking about is something relatively simple, that’s available to most users, but which they don’t implement because they either don’t know about it, or are too lazy to use it.  However, I’m getting ahead of myself.

The word authentication refers to the process of verifying that a person who is trying to gain access to an information system (computer, phone, website, etc.) is both authorized to access it and is who they claim to be.  The verification items are called factors, and are categorized as knowledge (something that the user knows), possession (something that the user has), or inherence (something that the user is). 

The password that you typically type into a system to get access is a knowledge-type factor.  Knowledge factors are the least secure.  They can be easily compromised, and can be used by anyone.  In other words, any hacker that can guess or otherwise obtain your password gets authenticated, and can access a system.  One way to protect against this is to add another factor, hopefully one that can’t be as easily compromised.  This is called multi-factor authentication (MFA) or when two factors are used, two factor authentication (2FA).

So, why do you keep hearing that it’s so important?  Well, because with MFA, a hacker can’t access your stuff even if they know your password.  In order to be authenticated they need to supply all the required factors.  Study after study of typical user passwords show a frighteningly large percentage of people continue to use stuff like “password” and “123456” as passwords, which is one small step shy of simply unlocking your device and handing it over to a hacker. I feel like it’s somewhat of an uphill struggle to get such people to intentionally make it more difficult to get into their own system when they’re already too lazy to even pick a secure password.

To finish answering your question, you don’t have to go and get 2FA – a it’s already built into Windows 10 and your Microsoft Account.  Rather than tell you myself, I’m going to refer you to TinyURL.com/IGTM-0513a, which is a page over on ZDNet that has more good information on MFA, and some links that will get you going in the right direction.

 • • •

 Geek Note:  Speaking of that worldwide cyber-attack, the WannaCry worm is an extremely widespread attack that is mostly under control, but is still successfully attacking systems that don’t have the latest security updates.  If you don’t keep your system regularly updated, make no mistake – you are at risk!  Get your system updated as soon as possible!