2-Factor Authentication: What You Know + What You Have

The Problem with Passwords
It's not just that people have bad habits when it comes to creating strong, unique passwords, it's that even the best password is useless if it's been hacked. And passwords are hacked by the millions in data breaches around the world on what seems a daily basis.


Take a look at the world's largest data breaches here.


The password has become a weak link in proving the identity of an account holder. It needs some assistance in keeping the bad guys out of your accounts. In fact, to show it's you, and not the bad guy, logging in, additional proof is needed -- some factor that the bad guy doesn't have.


Multi-factor Authentication to the Rescue
Multi-factor authentication uses two or more factors to verify your identity. Multi-factor uses a combination of:

  • Something you know -- such as a password or pin number
  • Something you have -- such as a phone, token or other digital device
  • Something you are -- something unique to your physical being -- biometrics-- like a fingerprint, palm print, retina scan, or your GPS location (to verify you are logging in from the correct area)

Institutions that deal with confidential information -- financial, government, education, etc. -- are starting to implement systems like this. In the next years, multifactor authentication may become commonplace to many businesses for its additional security features. More factors of authentication = more security.


Two-factor authentication is a subset of multi-factor authentication that uses any two factors to verify your identity. 


2FA often uses the combination of something you have and something you know. This is because the technology required to read biometrics like retinas or fingerprints is not as accessible or practical. Many 2FA systems utilize cell phones or hardware tokens to provide time-sensitive codes in addition to a password.