No One Knows About Two-Factor Authentication, and It’s Putting Their Security at Risk
Sounds strange, doesn’t it? As much as we try to promote the importance of this security measure—a secondary means of identifying that whoever is trying to log into your account is actually you—a recent survey from the Pew Research Center indicates that more than half of those quizzed cannot identify a single example of two-factor authentication.
As far as account security goes, that’s not good.
Here’s a quick refresher. Two-factor authentication is incredibly important because it adds a secondary challenge to login attempts. If a person has your user name and password, but not access to the authenticator app on your phone, for example, they will be unable to actually log into your account. You’ll likely get a notification that a login attempt was made—so you can then change your password to something more secure—but your account will remain safe.
As Authy describes, your second authentication factor could consist of:
- Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
- Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
- Something you are: This category is a little more advanced, and might include biometric pattern of a fingerprint, an iris scan, or a voice print
“With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, the chances of a someone else having your second-factor information is highly unlikely. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can be more confident of the user’s identity, and unlock the account.”
But that’s not all. The Pew Research Center asked a handful of other questions related to cybersecurity and privacy, and here’s how recipients answered:
- Only 25 percent knew that “private browsing mode” only prevents a person using the same computer from seeing a their activities—your ISP or employer can still see what you’re doing, and websites can still log information about you.
- Only 30 percent know that an “https://” URL indicates that you’re making an encrypted connection to a website.
- Just around one-third weren’t sure where they might get hit with phishing scams—over email, text messages, or scammy websites, for example.
If you’re curious how your cybersecurity knowledge might compare against everyone else’s, you should try taking a similar quiz the Pew Research Center published back in 2017. The National Institute of Standards and Technology also published a short quiz back in 2017 that’s worth exploring—it has a cat!—and Palm Beach State College has a more competitive quiz, if you want to score some digital points while proving your cybersecurity prowess.