A password is a single authentication factor – anyone who has it can use it. No matter how strong it is, if it’s lost or stolen it’s entirely useless at keeping private information private. In recent years, large-scale data breaches have increased dramatically in both severity and number, and the loss of personal information – including password data – has become commonplace.
Add to this the fact that rapidly evolving password-cracking technology and the habitual use – and reuse – of weak passwords has rendered the security of username and password combinations negligible, and you have a very strong argument for two-factor authentication (TFA or 2FA).
Two-Factor Authentication evaluates popular secondary authentication methods such as hardware-based one-time password (OTP) generation, SMS-based OTP delivery, phone call-based mechanisms, geolocation-aware authentication, push notification-based authentication, biometric authentication factors and smart card verification, as well as MFA (multi-factor authentication), 2SV (two-step verification) and strong authentication (authentication that goes beyond passwords, using security questions or layered security).
Increasing your password strength will do absolutely nothing to protect you from online hacking, phishing attacks or corporate data breaches. To secure your data properly, you also need to use a separate, secondary authentication factor.
Concerned about the security of your personal and financial data? You need to read this book.
2: Risks to One-Factor Authentication
3: Understanding the Basics
4: Second-Factor Technologies
5: Standards and Regulations
6: Two Factor for Internet End-Users