
The way we use two-factor authentication for security is about to change

When it comes to keeping your various accounts secure, one of the best options is adding two-factor authentication (2FA) to the account. For those who haven’t heard of 2FA, it adds another layer of security to your account by requiring a second device or passcode before you can log in. Traditionally, companies have relied on our cell phone numbers or emails to provide this second form of authentication, but that’s about to change.

The National Institute of Standards and Technology has published a new “Digital Authentication Guideline” which states that the current method of using 2FA is not secure enough. The problem with using SMS or email as your second factor of authentication is that the device may not be in your possession at the time of inquiry and can be obtained by someone else.

Although using SMS or email as your second factor will no longer be allowed, the guideline states that you will continue to be able to use biometrics (read: fingerprints) as a viable option. With more and more mobile devices being released with fingerprint scanners, there is hope that we will be able to use these instead of relying on SMS codes. There are already apps on the Play Store, such as LastPass, that take advantage of the built-in fingerprint scanner on your device, making it easier to access secured information.

As always, the first step to keeping your account out of the wrong hands is creating a safe and secure password. The aforementioned LastPass, as well as 1Password, can generate passwords based on the number of characters and whether you want symbols and numbers within the password. If you don’t have a password management application or service, but want to generate a password for a new account, you can do so by visiting LastPass on the web.

We’ll be interested to see how the world of two-factor authentication evolves from here, since most companies and services use SMS or email authentication as part of the 2FA process. Let us know what you think about these changes, and whether they will affect you.

[via NIST]
