20 February 2016

Two Factor Authentication

I mentioned in an earlier post this week that at work we had a demo of a 2 Factor Authentication system that we are implementing.  I have used 2 Factor with many accounts; it’s just a way that I can feel safer and know that no one is logging in as me.

Most people use Google Authenticator.  It’s a free app that generates random, short-lived codes.  You enter the current code along with your username and password, and only then are you authenticated to the site you are trying to access.

Two Factor is your username and password plus a 2nd factor: a code on a phone, a phone call that gives you a code, or some other second factor that confirms you are who you say you are.  This all started many years ago with RSA and their infamous key fobs.  They too generated random, short-lived codes, and you would enter the code along with your credentials in order to log in, whether to remote access for work, to a bank, or to a similar site where security was critical.

In today’s world we have all heard of many data breaches, and been told to change our passwords and to make them complex.  We need more or better security to prove we are who we say we are, in order to protect our personal accounts as well as work accounts.  I don’t know that there will ever be a totally secure system that can’t be hacked, but I think with time we are headed in that direction.  For now the closest thing we have is 2 Factor, and if you want to get even more secure, combine it with biometrics like an iris scan, fingerprint reader, facial recognition, etc.

I will admit that having to have your phone by you in order to obtain a code or to get a call to obtain a code is a pain in the ass.  It’s hard enough to remember your password let alone to remember to take your phone with you to the computer.  However, it’s coming to be a standard practice for me.

Just today I enabled 2 Factor on my Facebook account.  I heard that Twitter is rolling out a 2FA program and I am sure that other sites will follow.  It would be nice if we could just link all of our accounts together and one short-lived, changing code would let us into all of our accounts.  I see positives and negatives to that idea.

In any case I just wanted to talk about 2FA as I think its presence is growing.  There are many companies that deal with 2FA; just do a quick Google search and you will see what I mean.  The one company that claims it’s the easiest is DUO.  That is the vendor we chose at work.  You enroll your phone and then you get a pop-up to approve or deny an access request.  It’s very simple and straightforward, and if you lose your phone, or say it’s being charged, they have other methods that you can use.

The one thing is that if you start enabling two factor make sure there is a recovery method or an alternate method to get an authentication code should you lose your mobile device.  Otherwise, you could easily be locked out of your account forever.

Hope you enjoyed this.  Now back to regular programming.  

