Two factor authentication technology –whose basic origins can actually be traced back to centuries before the digital age, even as far back as Sumerian times–essentially works by creating a dual barrier to entry for any sort of secured access system that uses. Typically, these barriers are also highly distinct and separate of each other, thus increasing their mutual effectiveness.
In most cases, especially with more secure versions of two factor systems, a first factor will consist of a password, passphrase or other multi-character on-screen login prompt then being followed by a second one that depends on external technology such as a token, one time transmitted password or a card-based verification access. In some cases, the second access factor can also involve biometric identification through fingerprint reading or an eye scan.
While two factor systems represent a marvelous innovation in digital security, their successful implementation isn’t always failure prone and even under conditions of well-done implementation, many two factor systems can still be easily breached by more clever intruders. One of the key problems with many two factor systems is the fact that many people who should know how to use them actually don’t, and thus badly utilize the technology or make mistakes that leads to gaping security holes, making the whole point of creating two factors null and void.
That said; let’s examine a few key tips, tricks and techniques for ideal use of two factor authentication in your home, office or organization
Apply Basic Security Procedures
As a first, basic policy of security regardless of whether or not you have two factor authentication on your devices, make sure you secure these machines and access portals completely.
This means completely logging out of your computer whenever you’re not using it, shutting it down whenever you plan on leaving it behind for an extended period of time and never giving access to your laptops, desktops or mobile devices to any untrusted third parties. Likewise should apply to all your online accounts; don’t let anyone use them unless you completely trust them and make sure you log out of them all any time they’re not being used.
No amount of login security is worth anything if you leave valuable data logged onto and completely exposed, or leave both your computer and a mobile device to which security tokens might be sent exposed to intrusion and the installation of snooping, data tracking and hacking software.
Don’t Share your Login Protocols
Another basic but very important security tip lies in not sharing your access protocols with anyone. On the one hand this means making sure you don’t let anyone who doesn’t have a valid need for it to know your login passwords and avoiding any tendency to lend your secondary factor receiving devices to someone else. Thus, for example, if your mobile phone is part of your two factor access system because it receives a text messaged token whenever you log into a certain account, don’t give that phone to friends, coworkers or others.
Setting up your Own Two Factor Authentication
If you want to be particularly cautious about making sure your data is safe, you can also take things a step beyond the existing two factor infrastructure you might have on your devices and machines by setting up your own added security points –creating a sort of ad-hoc multi-factor series of additional security barriers.
One excellent way of doing this involves simply encrypting the contents of your computer and electronic device files, making it so that after having to log into the machine with a password and a second factors such as a finger print scan or token based card pass, you then also have to type in a whole other passkey just to view all the encrypted data.
This same rule can easily be applied to any data stored on clouds, email servers or network data servers you might be accessing through a two factor entry process; simply encrypt everything you also put into these data storage media.
Or, in the case of desktop or laptop based data storage, set up a two factor access system that involves a finger print/ password combination and on top of those two, also encrypt your entire machine’s hard drive with a strong encryption package such as TrueCrypt, which also happens to be free and open source.
Take Advantage of Two Factor Authentication in Email and Data Apps
Let’s say that your computer, mobile device and online data storage are all protected by multi factor authentication, but you still want to make sure your security is as thorough as possible. Well, one additional step you can utilize is to use any available two factor options your software applications and email clients allow.
These extra security options are often forgotten by people with digital information to protect despite the fact that many commonly used applications and email systems do offer two factor authentication for their users. For example, virtually all Google Data storage platforms such as Gmail and Google Drive offer two factor verification through mobile phones as an information protection option. The popular cloud storage platform DropBox offers the same thing as well and this sort of security is also common among many other email and storage services. Take advantage of all the different ones you use; learn their security options and see if they include two factor authentication; if they don’t, find and use alternatives that do.
Just imagine how much valuable data you might have to protect on a Gmail account you regularly use for your business.
Some Questions to Ask Yourself
Finally, if you’re thinking of implementing a two factor authentication regime in your company or organization, be sure to ask yourself the following key questions before proceeding:
Who are your users?
Two factor systems are cumbersome and some of them can drastically slow down or complicate access to needed data, servers or services. Thus, bear in mind that your main users will be and work accordingly; if you’re dealing with employees that need to protect important data, you can be more rigorous and arrange for more serious security procedures on their login portals.
If on the other hand your main users will be clients and customers in general, then maybe look for slightly less secure but more streamlined options that take convenience into account.
Where is data being accessed from?
How and where data is being accessed is an important factor in what type and level of two factor security you need to implement. In many cases, the actual physical devices that exist in your home or workplace might be safer from unauthorized access and thus require slightly less rigorous security while remotely accessible databases and servers might absolutely need a robust two factor authentication system due to remote hacking risks from other locations.
Also, watch your remote access locations carefully; if you see known IP addresses from inside your region accessing data, you probably have a lot less cause for worry than you would if you suddenly see an access attempt coming from Russia or Nigeria.
What Kind of information are you securing?
Finally, decide how much inconvenience you’re willing to tolerate with two factor authentication implementation by looking at the value of the data you want to protect.
Highly personal client information inside a financial services firm will obviously need robust protection involving multiple passkeys and access factors regardless of hassle to you, clients or employees. On the other hand, protecting access to a computer that contains nothing more than family photos and movies might not need much more than a basic password based login prompt.
In essence, decide whether or not to use a two factor access control system and its strength based on how much damage you think a potential security breach could possibly cause.
