Over the past 12 months, the number of organizations adding two-factor authentication to their login process has grown, driven by the rising number of hackers breaking passwords.
The latest, according to a report in PCWorld.com, are two U.S. banks, which have joined Google, Apple, Facebook and others in offering the improved security to customers.
Two-factor authentication requires two pieces of identification – broadly speaking, something you have (a card or a special number) and something you know (usually a password).
In practice, users set up their logins so that a Web site generates a random number and sends it to a smart phone; the user then enters that number at the time the password is typed in. Some organizations with demanding security require employees to carry a wireless key fob that will receive and display the random number.
Smart phones are ideal for this purpose because an increasing number of people carry them.
To make things practical, two-factor authentication is needed only the first time on the user’s regularly used computer; it is needed again when an attempt is made to log in from another PC.
It’s not without flaws: If someone steals your computer, they could bypass your PC login by booting into safe mode, scan the system for passwords and thus get around the two-factor process. Enabling the BIOS password on the PC can make that a little more difficult, although one IT consultant we talked to noted that pulling the CMOS battery will let someone reset the BIOS configuration. “There is no foolproof way of locking down a computer,” he wrote.
There is another possible problem: wrong smart phone numbers, wrongly dialed numbers, or even handsets that are turned off. One solution comes from British-based Tyntec, which on Monday announced software called OTP SMS for app developers, financial institutions, carriers, Internet companies and enterprises. The software verifies mobile numbers before transmitting one-time passwords.
Tyntec estimates 13 per cent of one-time passwords fail to be delivered to end users.
But two-factor authentication is an improvement over the common passwords banks and social media sites currently require on their Web sites.
Still, experts say that to really foil hackers, biometric-related authorization using fingerprints, iris scans or voiceprints will soon be needed to assure people of Web site security.
Just as this story was published British-based Tyntec announced