The 2-Step: Not just a dance!
I do a lot of dancing. The 2-Step has always gotten my feet tapping along to some old song in my head, but in the tech world, the 2-Step is a much-needed addition to ensure a safe, private, and secure identity online. As more banking, sales, and transactions evolve online, securing our financial and personal data is growing more urgent.
In the last week, I have had three friends’ Facebook accounts hacked. In the last year, I have had a client’s business email hacked and an attempt by the culprit to set up an online transfer of funds “immediately” via a request to the client’s bank using their own account! Had the bank not contacted them directly, it would have been a huge problem. Such breaches pose a big vulnerability to client data, finances, and identity.
Your email service provider, your bank, your investment firm, or other online accounts may have offered you the option to set up what is referred to as 2-Step Authentication, 2-Step Verification, or Multi-Factor Authentication (MFA). Even the Social Security Administration attempted to push this additional security step to users, realizing later that many of their beneficiaries may not be tech-savvy or have a computer! Regardless, the philosophy is a sound one.
What is 2-Step, and what does it do?
2-Step requires an account holder to set up a secondary set of verification tools that can be used to verify them should they log in from a foreign location, request a password change, or want to update vital account information. These tools typically utilize at least two of the following categories:
- Knowledge: something the user knows – “The street name of your childhood home”
- Possession: something the user has – a tool, card, key, or device
- Inherence: something the user is – biometric: fingerprint, iris reader, a pattern the user inputs
Examples that are in current use include:
- A secondary email address (that must be verified)
- A cell phone number that can receive a call or text and provide a specific verification code that is later used on the same website to complete the log-in or change
- A home phone number that can receive a phone call that speaks a verification code or verifies your voice pattern
- A specialized key that you request from a device and input into the log-in screen
- My Schwab account even offered a small device registered to me that provides a one-time 6-digit number to input after my password to better secure my account each and every time I log in.
There are some challenges to implementing these into your accounts. However, when we consider the vulnerability of our online identity, the benefits far outweigh the costs.
- Should someone attempt to change a password to log in to your account they will need the device, code, or validating information to move forward.
- Often these tools have a flagging system and you will be sent an email stating that a change has been requested.
- Since verification codes are constantly changed, dynamically generated passcodes are safer to use than fixed (static) log-in information.
- While traveling, you may not have easy access to the device tools needed to verify or validate – especially if your email address requires verification too!
- 2-Step currently doesn’t have an easy workaround for accounting software and tools such as Quicken, QuickBooks, Mint, or Clarity. (My Capital One account allows me to input a very specific code for such software, so I can skip the 2-Step and easily tap into my financial data with my software.)
If you need help sorting out securing your Facebook, banking, social media, and other online services to better protect your identity on all your devices, give me a call! Things can be a little tricky on mobile devices vs. your home computer. Regardless, stepping into this dance ensures you stay ahead of possible breaches in your online world.