Recognizing the Password Problem: Two-Factor Authentication in the Spotlight
Okta, October 16, 2012
On Friday, the New York Times published “Doing the Two-Step, Beyond the A.T.M.” about the recent installation of two-factor authentication across companies like PayPal, Dropbox, and Google.
What’s at the root of this focus on verification? The password problem. We’ve talked about it again and again — weak passwords and the employees who use them are among the biggest threats to IT security.
In the Times story, Nick Berry, president of DataGenetics, describes how he analyzed large password databases: after sifting through 30.3 million passwords, he found 3.4 million consisting of only four digits. Of these four-digit passwords, 11 percent were “1234,” whereas 6 percent were simply “1111.” Hackers don’t need a lot of creativity to get past those flimsy barriers.
Companies could certainly make it more difficult for hackers — and not just by strengthening employees’ passwords, but by using two-step verification. As Randall Stross points out, an ATM is the perfect example of two-step verification: it requires the presentation of both a physical card and a correct PIN. Websites can do something similar, like sending users a text message with a code after they input the first password. A would-be thief would need access to both a user’s password and phone to access the account.
We’ve always offered multifactor verification to keep our customers’ information as safe as possible. Now, Dropbox, Box, PayPal — and even Gmail — offer two-step verification options. There’s no taking chances in enterprise security.