Authentication and Passwords 101 (Yes, You Need Both!)


Your accounts and platforms should involve multiple layers of security. The first, basic layer is a username and password. Even if you have a strong password (congrats if you do; read this post on password managers if you don’t), consider additional layers of protection and authentication for more security.

Let’s define some terms that have gotten many, including me, confused. First, the terms “authentication” and “verification” are used interchangeably, so consider Two-Step Authentication and Two-Step Verification the same.

Authentication relies on three different types of factors:

  • What you know: Password, PIN, answer to a security question
  • What you have: Phone or other device you can retrieve a code from
  • Who you are: Biometrics such as facial recognition, iris, fingerprint

Two-Step Authentication (2SA)

This refers to two things you know, such as a password, PIN, security answer, and/or an email confirmation, which you could receive on any device, not just your phone. If you must provide three pieces of information (still just one type of authentication), it would be 3SA.

Two-Factor Authentication (2FA)

This refers to exactly two different types of authentication, such as one thing you know and one thing you have, like a password and a phone to retrieve a code from. This makes it 2FA.

Now – grab your coffee or tea…

If you provide a password and answer a security question (what you know) and then receive a push notification on your phone (what you have), it is considered 3SA because there were three things. But this is also just 2FA because only two types were used (two things you know and one thing you have). Got it? Good!

A 2FA combination of a password and phone is a safe option unless…someone has access to your password and phone. A “who you are” type of authentication, such as a fingerprint scan or facial recognition technology, provides even more security. 

Multi-Factor Authentication (MFA)

Don’t be confused by this one. MFA just refers to two or more types of authentication. This could be 2FA, 3FA, 4FA (think James Bond), etc. For example, a password, a push notification on your phone, and then a fingerprint provides three-factor authentication (3FA).

Whew! To summarize, use at least 2FA whenever possible, and the more layers the better. Three things are three layers or levels of protection, which is better than just a username and password!
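To make the step-versus-factor counting concrete, here is an added example (not part of the original post) that rates a login flow the way the definitions above do and flags flows that ask for several things but still rely on one factor type. The method names, the sample flows, and the choice to count a repeated method once are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Factor types as the post defines them. Method names are constructed for this
# example; "email_confirmation" sits under "know" because the post lists it
# among the 2SA items.
FACTOR_OF = {
    "password": "know", "pin": "know", "security_question": "know",
    "email_confirmation": "know",
    "phone_code": "have", "push_notification": "have",
    "fingerprint": "are", "face_scan": "are", "iris_scan": "are",
}

@dataclass
class Rating:
    steps: int     # how many different things the user had to provide
    factors: int   # how many distinct factor types those things cover
    label: str     # e.g. "3SA / 2FA"
    is_mfa: bool   # True when two or more factor types are used

def rate_login(methods):
    """Rate one login flow, given the list of methods it asks for."""
    unknown = [m for m in methods if m not in FACTOR_OF]
    if unknown:
        raise ValueError(f"unclassified method(s): {unknown}")
    distinct = set(methods)  # assumption: asking for the same thing twice adds nothing
    steps = len(distinct)
    factors = len({FACTOR_OF[m] for m in distinct})
    return Rating(steps, factors, f"{steps}SA / {factors}FA", factors >= 2)

def single_factor_flows(flows):
    """Names of flows that look layered (2+ steps) but use only one factor type."""
    return [name for name, methods in flows.items()
            if (r := rate_login(methods)).steps >= 2 and not r.is_mfa]

# Constructed sample flows (hypothetical services).
FLOWS = {
    "webmail": ["password", "phone_code"],
    "bank_portal": ["password", "security_question", "pin"],
    "payroll": ["password", "security_question", "push_notification"],
    "vault": ["password", "push_notification", "fingerprint"],
}

if __name__ == "__main__":
    for name, methods in FLOWS.items():
        print(f"{name:12} {rate_login(methods).label}")
    print("layered but single-factor:", single_factor_flows(FLOWS))
```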

Passwords

Now about your passwords… Are they reused? Are they short or long? Are they weak or strong? I’m channeling Dr. Seuss here to lighten up this brain-melting topic. The good news is that it’s relatively easy to create secure passwords you can remember. The bad news is they really all need to be different and updated on a regular basis. And you need to be able to access them wherever you are, right?

So, how do you keep track of it all? This post about password managers can help you organize and strengthen your login information.  I know I’m repeating myself, but I feel that strongly about everyone having a good system in place to ward off and thwart hackers and other not-so-nice people who could cause chaos by gaining access to your digital life. 

Speaking of chaos…

Are you overwhelmed by digital clutter? Organizing your digital life is just as important as organizing your kitchen, closets, or office. My digital organizing services can help you declutter your mind and help you be more efficient and productive.  I’d love to help you get some clarity so you can live the life you desire! Schedule your free consult here.

Barbara Trapp, CPO®, Certified Professional Organizer® and Productivity Coach
Zen Your Den®  and Zen Your Biz™
Professional Member, NAPO (National Association of Productivity and Organizing Professionals)