Here’s the problem – passwords are generally a pretty awful way to prevent unauthorised access to an account. This is because too often the passwords are so lousy they are child’s-play for a hacker with a little skill and a little technology. Hackers are having a ball with weak passwords, one of the biggest security problems out there.
2-Factor Authentication (2-FA) is an increasingly common way of protecting people who use weak passwords against themselves.
Here’s what a fairly recent Microsoft report says,
“Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA (Multi Factor Authentication).”
View the report at this link:
When a login to a service that uses 2-FA is attempted, the service provider concerned, be it a bank, broker or some other service, sends a code via SMS or an app to the registered cell phone of the account holder. In addition to the password, this code needs to be entered to log in.
So the person logging in also needs simultaneous access to the account holder’s registered cell phone. This provides extra confirmation that the login attempt is genuinely coming from the authorised account holder. It’s a huge improvement over just a password.
The particular 2-FA code is usually only valid for that single login attempt, and for a particular time period, such as 10 minutes.
Of course, 2-FA is a further inconvenience. We have to have our 2-FA-registered cell phone to hand when we want to log in. It also involves having back-up and recovery steps in place, such email address and alternative phone number should we lose our cell phone or such like. Otherwise we may be locked out and lose access to our account if there’s a problem. Such things usually happen at the worst possible time. So don’t take the chance.
Good security isn’t easy. We have to recognise that globally the substantial majority of account hacking and data breaches are caused by weak passwords. So if we are at all serious about online security we should regard enabling 2-FA, where available, as obligatory.