Passwords are NOT Secure

Do you ever wonder how secure your passwords are, or how you are supposed to remember all those complex passwords everybody tells you to remember?  Is a password containing numbers, letters, and symbols really more secure?  Is “MyP@ssw0rd” more secure than “ThisIsMyPassword”?  The answer is no.  Passwords are the wrong approach, and it doesn’t matter what your password is: you are at risk.  Numerous companies have had large quantities of passwords stolen by various means:  eBay, Google, and Yahoo, to name a few.

What’s the alternative?

Two-Factor authentication is the alternative.  There are 3 factors of authentication:

  • Something you know (A password for example)
  • Something you are (A fingerprint or a retina print for example)
  • Something you have (A key for example)

Two-Factor authentication entails using two of the three above factors of authentication at the same time to obtain access.

What is the most common Two-Factor authentication scheme?

Most commonly a password and a one-time-password are used for access to systems.

What is a One-Time-Password or OTP?

An OTP is usually a 6-digit number that is generated by a device.  Each 6-digit number can only be used once; a new one is generated every 30-60 seconds, and it expires if not used.  OTPs can be generated by a small hardware device or by an application that runs on a phone or tablet.

When you log into a system, it prompts for the OTP.  It is a simple matter of entering the 6-digit code being displayed at that time to gain access.
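The sketch below is an added example, not part of the original article.  It assumes the time-based OTP scheme standardized as TOTP (RFC 6238, built on HOTP from RFC 4226) with a 30-second step, and shows how a 6-digit code is derived from a shared secret and how a server enforces "used once" and "expires".  The `Verifier` class and `SAMPLE_KEY` are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default; an assumption here)
DIGITS = 6   # code length described in the article

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(key, now // step, digits)

class Verifier:
    """Hypothetical server-side check: small clock-drift window, no reuse."""

    def __init__(self, key: bytes, step: int = STEP, drift: int = 1):
        self.key, self.step, self.drift = key, step, drift
        self.last_used = -1                      # highest time step already accepted

    def check(self, code: str, now: int) -> bool:
        if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
            return False
        current = now // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_used:
                continue                         # that step was already spent: replay
            if hmac.compare_digest(hotp(self.key, counter), code):
                self.last_used = counter         # burn the step so the code works once
                return True
        return False                             # wrong code, or its window has passed

# Constructed sample input: the shared secret used by the RFC 6238 test vectors.
SAMPLE_KEY = b"12345678901234567890"

if __name__ == "__main__":
    v = Verifier(SAMPLE_KEY)
    code = totp(SAMPLE_KEY, 59)
    print("code at t=59:", code)
    print("first use:", v.check(code, 59))
    print("replay one second later:", v.check(code, 60))
    print("fresh verifier, code presented at t=200:", Verifier(SAMPLE_KEY).check(code, 200))
```

The device and the server never exchange the code in advance; both compute it from the same secret and the current time, which is why a captured code is useless once its time step has been spent or has passed.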

How do I use OTP?

OTP must be supported by the system you are using.  Dropbox, Google, Facebook, PayPal, and banks are a few examples of systems that support OTP.  OTP can be configured in the security settings.  Once configured, even if someone obtains your password, they will be unable to access your account.

How much does OTP cost?

For the end user, OTP is usually free.  There is an application for phones called “Google Authenticator”, which is a free download.  Google Authenticator will generate OTPs that work with most sites that support OTP.  With the right software, Google Authenticator can also be used to secure your Windows laptop for free.  For corporations there are numerous options available, ranging from free to very expensive.