The World Wide Web is becoming more of a utility and less of a luxury for users around the world. There is approximately one mobile device for every person alive today. These devices are bringing information from around the world right into your hands. The internet is the greatest leveler of access to information the world has ever seen, but the more access we have the more vulnerable we are becoming.
Just recently the US laid charges on five Chinese army officers for hacking into companies for the purpose of getting a competitive advantage. It’s the first cyber case of its kind. eBay has recently announced it had been hacked and that customers should change their passwords.
Hacking is not something that just came out of nowhere. It’s been around for as long as technology itself. The difference now, is that hackers have gotten more and more sophisticated. Computing power is exponentially more powerful and with so many access points and very little understanding by the general public, it’s the perfect storm.
Companies have had this struggle for years with hackers, spending billions in the pursuit of security, but it’s such a vast and ever evolving phenomena that it is difficult to stay ahead.
Recently you may have seen more and more companies trying to turn the tables introducing new ways of trying to plug the vulnerabilities. One method that is not new but noticeably trending is the two step verification method.
This method has been around a long time but more in a corporate settings. Many email clients and social media have now adopted this technique. It gives their users another layer of security.
Passwords can be cracked by several techniques, but with the two step verification, the hacker will still need this second identifier to login. This added layer of security makes it just that much more difficult for a perpetrator to access your account and potentially steal your personal information.
Companies like Facebook and Twitter are using people’s mobile devices as the second identifier. When you are logging into your account and enter your password, a second code is either sent to you via SMS or the less popular voice call. Until you enter this second code, you will not be able to access your account.
Alternatively, Google has released an application called Google Authenticator. It is being used not only by Google, but by more and more third party applications. They have also released versions for Blackberry and Apple iOS. Basically, it generates a unique key every time you try to log into your account with your username and password. This unique key must be entered before you can proceed.
There are two styles you can use, a time based counter which generates a new key every 30 seconds or alternatively, a counter based method which generates a new key every time you login. The time based counter is preferred but if you work offline or have issues with the time synchronization between Google’s Authenticator and the application you are logging into, you may want to use the counter based method.
More and more websites and mobile applications that need their users to login to access their account are beginning to adopt two step authentication like Google, Twitter, Facebook or some other two step verification.
Written by:
Justin Roopnarine
System Architects Inc.