As our lives become more and more “digital”, it is increasingly important to protect our digital identity. Most people have the attitude of “I don’t have anything important enough to steal” so they take a very lackadaisical approach to all aspects of security on the internet. Sure, we all want our privacy, but we don’t want to deal with passwords.
According to a Pew Research Center survey,
- 41% of online adults have shared their password to at least one online account with a friend or family member.
- 39% say they use the same or very similar password for many of their accounts.
- 25% use less complex passwords than they know they should because it’s easier to remember.
- 16% say that someone else has at some point taken over one of their email accounts.
- 13% say that someone else has at some point taken over one of their social media accounts.
- 6% say that someone has impersonated them in order to file fraudulent tax returns.
Passwords have become a part of our lives whether we like it or not. We all know that passwords are a pain to use, remember, change, etc… and even if we do everything right, our online lives still get compromised. Every solution to making passwords more effective makes our password experience that much worse.
- Use a complex password involving lowercase, uppercase, numbers, symbols (ugh)
- Make the password at least 8 characters long (at least 8 characters…?)
- Change your password every 60 days (really?)
- Don’t reuse a password that you’ve used before (what are you, nuts???)
- Don’t use the same password for multiple sites (AHHHHHHHH!!!)
How do you solve this problem? For decades, many people and organizations have tried. The answer, at the moment, lies in adding a second step to verify who you are.
The act of proving that you are who you say you are is called authentication. You authenticate yourself (X) to someone (or something) else (Y) to prove that you are who you say you are. Typically, this involves both (X) and (Y) knowing something in common, like a password. (Y) asks (X) a question and if (X) answers correctly then (X) must be who they say they are. But this is just a transfer of information, right? Anyone can pretend to be (X) by simply knowing a bit of information. Think back to the days of prohibition and speakeasies where the feds would get in by simply knowing the password to open the door.
This is where we add a second type of authentication. This doesn’t involve “knowing” something. This involves “having” something. In this case, (Y) attempts to discover if (X) has something in their possession, such as a phone. (Y) does this by sending a text message to a phone number and if (X) has the device with that phone number in their possession then (X) must be who they say they are. Imagine if a malicious individual found out your password – they probably don’t have your phone as well. So, if they attempt to fool (Y) by giving the correct password, they cannot fool (Y) into thinking that they have your phone.
Another type of authentication does not involve knowing something and does not involve having something but rather “being” something. This is where “biometric” comes in. This is where you use a fingerprint or retina or face scan of some kind.
When you combine more than one of these types of authentication, it is called multi-factor authentication. If you combine your password with your phone then you don’t have to be quite a diligent about all those password rules, because even if a malicious individual gets your password, it isn’t going to get them into the system.
TopLine Results takes security very seriously and requires multi-factor authentication for all its employees. We do this to not only protect our own data but also the data of our customers. When choosing a company to work with, make sure that they always keep security in mind and implement the best security practices.
If you want to work with an organization that can solve your sales, marketing, and customer service problems with highly-secure technology, then give us a call @ 1-800-880-1960 or email firstname.lastname@example.org.