Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers at letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.
Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.
Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!
Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can grant it themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack and always use a passcode or have fingerprint recognition enabled.
It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives become digitised, IT security needs to step up their game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.