With all the news about Yahoo accounts being hacked and other breaches of digital security, it’s easy to wonder if there’s any real way to keep unauthorized users out of our email and social media accounts.
Everyone knows not to use the same username and password combination for every account – though many people still do. But if they follow that advice, people end up with another problem: way too many passwords to remember – 27 on average, according to a recent survey. That can lead to stress about password security, and even cause people to give up secure passwords altogether. It’s an ominous feeling, and a dangerous situation.
But there is hope, through what is called “two-factor authentication,” in which a user needs not only a login name and password but also another way to validate her identity, before being allowed to connect to, say, Gmail or Snapchat. That way, even an attacker who gets a user’s login name and password still can’t access the account.
In practice, this usually involves the user either receiving a text message on her phone with a six-digit code, or opening an app on her phone that gives her the code, which changes every 30 seconds. As a cybersecurity researcher, I know that even as this method is just starting to become common, a newer method, a return to the era of the physical key, is nipping at its heels.
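The six-digit, 30-second code described above can be shown in code. This is an added example, not part of the original article: it assumes the app follows the standard TOTP algorithm (RFC 6238 with HMAC-SHA1), which the article does not name, and the function names `totp` and `verify` are illustrative. The secret is the published RFC 6238 test secret, not a real account key.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the code changes every 30 seconds, as the article says
DIGITS = 6         # six-digit code, as the article says


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """Code for the time step containing unix_time (assumed: RFC 6238, SHA-1)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_counter: int = -1, drift_steps: int = 1):
    """Server-side check; returns the matched time-step counter or None.

    Tolerates +/- drift_steps of clock skew between phone and server, and
    refuses any step at or before last_used_counter so that a code which
    was already accepted cannot be replayed inside its validity window.
    """
    current = unix_time // STEP_SECONDS
    matched = None
    for counter in range(current - drift_steps, current + drift_steps + 1):
        expected = totp(secret, counter * STEP_SECONDS)
        # Constant-time comparison; no early exit from the loop either.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_used_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret (public value)
    code = totp(secret, 59)
    print("code at t=59:", code)
    step = verify(secret, code, 59)
    print("first use accepted at step:", step)
    print("replay of same code:", verify(secret, code, 59, last_used_counter=step))
    print("same code 60 s later:", verify(secret, code, 119))
```

The server stores the returned counter per account and passes it back as `last_used_counter` on the next login attempt.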