A whisper can be stronger, as an atom is stronger, than a whole mountain.”
~Louise Nevelson

Multifactor – why it’s a pain you love

Google+ Pinterest LinkedIn Tumblr +
Multifactor authentication / MFA: a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.​

There are five authentication “factors”:

  • What you know (password)
  • What you have (smartphone)
  • What you are (finger print)
  • Where you are (… literally, where are you?)
  • When you are (…and what time is it?)

Why do you care?  Because if you’re in Seattle someone in Zimbabwe shouldn’t be logging into you bank account.  If you’re fast asleep your email shouldn’t be accessed by your husband, and if someone doesn’t have your work ID they shouldn’t be accessing work materials with your account.

Every one of us is familiar with – and hates having to use – passwords.  Passwords are “what you know”, but they can be and are stolen all the time.  Adding another “factor” to an account can be annoying (we already hate passwords), but you know what? We need MFA nowadays, and need to use it on every single account we have on every site that will let us.

Everyone knows The Hunger Games movies, the lead actress is Jennifer Lawrence.  After a now-famous hack a few years ago, the entire world could see her private, very intimate photos that were stolen from her iPhone;  the movie was a choice on her part, the private nudes were not.  If she had been using multifactor on her Apple account she would have had a say in the matter. Instead her password was stolen and used to download the backups of her iPhone.  Hundreds of other actresses suffered a similar fate.

You may not be famous, but it’s worth the added five or ten seconds to thoroughly authenticate to your account.

  • Step 1: Google ‘how to multifactor gmail” (gmail, evernote, linkedin, facebook… whatever)
  • Step 2: Follow the directions, it takes five minutes or less.
Generally speaking what will happen is you log in like you always do, then your smartphone wakes up with a text message.  You enter the code just received and that’s it, all done.  
Some day, it’ll happen, you’ll be in the airport coming home from a trip and your phone will go off and it’s Facebook providing you a login code… that you didn’t ask for (but someone else did!).  You can get on the plane knowing a) your password was stolen during your trip, and b) it doesn’t matter.

Like encryption, multifactor is your friend.  


Leave A Reply

Secured By miniOrange