Your bank and your email provider know a thing or two about passwords so they know that to really protect you, your password needs a password.
Cyber criminals have developed the tools they need to crack just about any password. In fact, the question isn’t whether they can crack it, but how long it will take them to do so. That’s why Peoples Bank recommends that a password be “long and strong”, the longer and stronger the password, the more time it will take to crack, and the more time you have to protect your account when the attempts to hack it are being made.
But, there is a great way to introduce complications for the bad guys bent on cracking your password. The technology is called “two-factor” or “multi-factor authentication.” It is essentially a password for your password. Here’s how it works.
Multi-factor or 2-factor authentication processes require multiple assurances that you are the one trying to access the protected area. It asks for information only you are supposed to know and relying on something that only you can have. In most cases, those 2 things (what you know, what you have) are the 2 factors of authentication used at the time the account was setup and confirmed via mobile device.
Peoples Bank installed this multi-factor security system years ago for its online banking customers. When you are at the bank’s website and want to log in, you need a user id and password, the 1st factor, what you have to know in order to access the site. The system will send a message to the device you have (the 2nd factor), and if it’s in your possession, you can enter that bit of information to the site. With that action, the site has received reasonable assurance of 2 different types of input asserting that it is really you—so it will let you in.
Most of the big name email providers such as Microsoft’s Outlook.com (formerly Hotmail), Google’s Gmail and Yahoo! Mail provide 2-factor authentication systems to protect their customers’ email from being hacked. If your email provider offers it, we strongly suggest you enroll in that program; if it doesn’t, we suggest you get an email from a provider that does and use that new email account to access your online financial accounts.
In most 2-factor systems, the 2nd factor is a random number or set of characters sent as a text message to your phone. Other times it is a special message sent to an app that received certification when it was installed on your device.
Many businesses focused on security have replaced their vulnerable VPN systems with such multi-factor systems to protect their business. (If it has not, it should.)
The assumption is that a cyber criminal is unlikely to have your phone when trying to access your account. More advanced multi-factor authentication systems for business customers even take this scenario into consideration and remove the threat of a criminal having stolen your phone to access secure information.
Microsoft has developed a new technology released in Windows 10 to use facial recognition rather than a password. Called “Windows Hello”, it is hoped that such technology (and similar offerings from other vendors) will eventually establish true personal identity security.