Last updated October 2018
Think about chip and PIN. It makes your bank account more secure because you need two different
things to use your debit card:
- Something you have (the card)
- Something you know (the PIN)
Previously, just having the card was enough, so anyone who obtained your card could make
payments — assuming they could roughly imitate your signature.
Chip and PIN is the most familiar form of two-factor authentication,
but companies are gradually adopting a similar approach for online accounts. If you have Gmail,
Outlook.com (formerly Hotmail), a Microsoft account, or an Apple ID, you should consider
two-factor authentication because it greatly increases security. Many other companies offer it
Note: Some companies refer to two-factor authentication as
two-step verification. It’s the same thing.
Let’s use Gmail as an example. You already have a password; it’s the ‘thing you know’. With
two-factor authentication, your mobile phone becomes the ‘thing you have’.
You go to check your email and enter your password in the usual way, but Gmail then texts or
calls you with a one-off six-digit code. Receiving this code proves your possession of the
phone. You type the code into the computer and Gmail welcomes you in.
Because it would be annoying to always have to do this, Gmail remembers your particular
computer and only makes you repeat this process occasionally.
Now consider that a hacker guesses your password, obtains it from a data breach, or tricks you
into revealing it via a phone call or bogus website. Their goal is to access your Gmail.
They get past the password stage, but because their computer is unfamiliar, Gmail
demands a one-off code — which it dutifully sends, of course, to your phone. The hacker
is thwarted because they didn’t get the code. And as a bonus, you’re now aware that your
password is compromised.
Two-factor authentication is a massive step forward for security, for only a little extra work
for you. Once you’ve set it up, it will go a long way to keeping hackers out, without
inconveniencing you on a day-to-day basis.
What if you lose your phone?
Good point! First, it’s a good idea to have more than one phone registered, if possible. These
may include your mobile, landline, or a partner or friend’s phone. You might also be able to
install an app on your tablet which can generate codes. In the case of Apple, your computer can
be registered to receive codes. And with Google, you can print out 10 emergency codes to hide in
a drawer somewhere or take with you travelling.
I’m a computer technician and tutor serving North Oxford, Kidlington, Woodstock and the
surrounding villages. Visit my home page to find out more and get in touch.