Authentication is one of the essential components of security. It is one part of the concept known as authentication, authorization, and accounting (AAA). Authentication is the process of claiming an identity and then proving that you are that claimed identity. Authorization is the mechanism that controls what you can access or do. Accounting is the recording of events into a log so that activities can be reviewed against the rules and policies to detect violations or confirm compliance. To have a reasonable foundation for reliable security, all three of these should be addressed when constructing a system.
As users of online sites and services, we have no control over the security policies and technologies implemented on those sites and services. At best, we may be offered a few authentication options. If any authentication mechanisms are available in addition to a standard password, you need to take full advantage of them.
Why Should You Bother?
Using the same old password method to authenticate to online sites and services has been common, standard, and easy. But that is, in fact, the problem. There are myriad ways that password authentication can be compromised, including guessing, discovering re-used passwords, brute force attacks, plaintext user database theft, lost backup tapes, social engineering, shoulder surfing, infrared heat detection on keypads, keystroke logging, phishing attacks, web-spoofing attacks, DNS pharming attacks, session hijacking, network traffic sniffing, and man-in-the-middle attacks. Whether you have a short and simple password or a long and complex password, many of these attacks are just as successful against both. There is no reliable means of password selection and use that can avoid all possible means of password compromise.
You need to choose better authentication security whenever it is offered. Hackers are actively seeking to compromise your online accounts. They want to be able to take over your accounts and identities. They want to take your money. You have to defend yourself by taking full advantage of the strongest authentication options provided by the sites you visit.
It is and will be a hassle, at least initially. It is a different way of accessing online resources. It will fail from time to time, and you will forget the process every now and then, but stick with it. Eventually, you will get the hang of it. It will become an automatic process for you, just like putting on your seatbelt or applying sunscreen (you are doing those, right?). By using better authentication options, you remove yourself from the masses of online users who remain vulnerable to basic password compromises. You want to be different. Take action. Be more secure.
Excerpted from the Global Knowledge white paper, Multi-Step Authentication and Why Should I Use It.