3 simple ways two-factor authentication can protect you when no one else will

Two-factor authentication helps protect your online identity even when the companies you do business with are breached or leak your data.

It seems like consumer data is compromised in some massive data breach every other week. You should expect the companies you do business with to do everything possible to prevent data breaches and protect your data, but it's unreasonable to believe it will never happen. It's up to you to take additional steps to protect your own data, and minimize the potential fallout from a breach as much as you can. One of the best ways to do that is with two-factor authentication.

Dairy Queen and Kmart are just two of the more recent examples of major retail chains that have had their point-of-sale systems compromised, resulting in attackers capturing sensitive customer data. Target, Home Depot, and UPS have also been victims of recent data breaches. Personal information and credit card data from tens of millions of consumers are now in the hands of criminals, and at risk of being used for fraudulent activity or identity theft.

Whenever a breach occurs, there are calls to use strong or complex passwords, but passwords alone can't protect you. The Verizon 2014 Data Breach Investigations Report found that two-thirds of breaches are the result of weak or stolen passwords.

Authentication--the process of verifying your identity--comes down to three essential things: something you know, something you have, or something you are. It takes at least one of these to prove you are who you say you are. For better protection, though, you should use two-factor or multi-factor authentication that includes at least two different methods of authentication.

The problem with using just something you know--like passwords--is that it can be shared, guessed, or cracked. A username and password might seem like "two factors," but they're actually both something you know, and the username is often predictable or trivial to guess, leaving you with just a password.

Google, Apple, and Microsoft have all implemented some form of two-factor authentication for user accounts. In order to add new devices, or access or change information on the account, users with two-factor authentication must also enter a code of some sort that is sent to the email address or phone number on record for the account. Even if your password is compromised and an attacker attempts to access your account, it is less likely that the attacker has also hacked your email account or happens to be in possession of your mobile phone.

Some credit cards contain an embedded chip that serves as an additional authentication mechanism. An attacker may capture the magnetic stripe data, and be able to create a clone of a simple credit card, but without the associated chip the credit card won't work. Chipped credit cards are widely used in Europe, but are just beginning to be introduced in the United States.

1. It makes your data harder to compromise

Using two-factor authentication adds an extra layer of protection for your accounts. It's like having a regular lock and a deadbolt on the front door of your home, or locking your car, but also engaging an alarm system. The idea is that an attacker may compromise one of your authentication methods, but probably won't be able to compromise both. Just the fact that you have multi-factor authentication in place at all serves as a deterrent, because attackers will generally move on to easier targets rather than investing the time necessary to access your accounts.

2. It prevents fallout from a data breach

If you use two-factor authentication, you have much less to worry about from the data breach du jour. A website you use might get compromised, or a retailer you frequent might be the victim of a network hack, but the data gleaned from the breach is only one of the factors. As long as you also use something you have or something you are as additional layers of authentication, your identity and data should be safe even if your passwords or other personal data are exposed in a breach.

3. It can alert you to break-in attempts

Two-factor authentication lets you know when there are unauthorized attempts to access your accounts. If you suddenly receive a text message with a code, or an email verification when you aren't accessing the account yourself, you can assume that there is some sort of suspicious activity. Your account should be safe because you have two-factor authentication in place, but if the attacker was able to get to the point of triggering the two-factor authentication it probably means your username and password are already compromised, and you should change your password immediately.
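The same signal can be checked from the service side. The following is an added example, not code from the original article: it scans a constructed authentication log and flags accounts where the password was accepted but the second factor was never completed. The event names, the five-minute code lifetime and the sample data are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (timestamp, account, event, source IP).
# The event names are assumptions for this example, not any product's log format.
SAMPLE_EVENTS = [
    ("2014-10-14T09:00:05", "alice", "password_ok", "203.0.113.7"),
    ("2014-10-14T09:00:06", "alice", "otp_sent", "203.0.113.7"),
    ("2014-10-14T09:00:31", "alice", "otp_ok", "203.0.113.7"),
    ("2014-10-14T09:12:10", "bob", "password_fail", "198.51.100.23"),
    ("2014-10-14T09:12:15", "bob", "password_ok", "198.51.100.23"),
    ("2014-10-14T09:12:16", "bob", "otp_sent", "198.51.100.23"),
    ("2014-10-14T09:12:40", "bob", "otp_fail", "198.51.100.23"),
    ("2014-10-14T09:30:00", "carol", "password_fail", "198.51.100.23"),
]

OTP_WINDOW = timedelta(minutes=5)  # assumed lifetime of a one-time code


def find_exposed_passwords(events, window=OTP_WINDOW):
    """Flag logins where the password was accepted but the second factor
    was not completed inside the window. The log is treated as closed."""
    pending = {}  # account -> (time the password was accepted, source IP)
    alerts = []

    def flag(account):
        started, ip = pending.pop(account)
        alerts.append({
            "account": account,
            "password_accepted_at": started.isoformat(),
            "source_ip": ip,
            "action": "change password",
        })

    for ts, account, event, ip in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "password_ok":
            if account in pending:  # an earlier attempt never finished
                flag(account)
            pending[account] = (when, ip)
        elif event == "otp_ok" and account in pending:
            if when - pending[account][0] <= window:
                del pending[account]  # both factors presented: normal login
    for account in list(pending):  # attempts still open at the end of the log
        flag(account)
    return alerts


if __name__ == "__main__":
    for alert in find_exposed_passwords(SAMPLE_EVENTS):
        print(alert)
```

A failed password on its own (carol in the sample) is not flagged; only an accepted password without a completed second factor indicates that the password itself is known to someone else.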

It's an imperfect world. Even in a best-case scenario there will still be security issues and data breaches. Don't surrender security in the name of convenience. Take advantage of two-factor authentication for any devices, sites, or services that you can so you can make sure you're protected even when nobody else will.

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts