Over the weekend I had the pleasure of reading an article in Law Technology News last week called “Developing a Strategy to Protect Client Confidential Data” by Senior KPMG manager Ben Sapiro. The article presents a good overview of tools available to the contemporary law professional, but I thought it might be worthwhile to delve a little deeper into one particular topic raised in the article: two-factor authentication.
Passwords are the necessary primary line of defense for keeping your personal accounts safe, but strong passcodes are difficult to keep track of. Too many people, legal professionals included, fall into the trap of using ones that are easily remembered. It might come as no surprise that the most-used password of 2013, as ranked by Gizmodo, is ‘123456’. (So if you ever had the urge to break into someone’s computer I suggest you try that first, but you didn’t hear it from me.)
When two-factor authentication is applied to an online account, there is an instant benefit of extra protection. This way, even if your password is not as strong as it should be, there is still another line of defense.
Two-factor authentication (TFA) is a two-step process of identifying an entity at a point of access into the system. TFA uses two of three different categories of authentication: knowledge factors, ownership factors, or inherence factors.
- Knowledge: something a person knows, e.g. a passcode or a personal identification number
- Ownership: something a person owns, e.g. a wristband, cellphone, or ID card
- Inherence: something a person is or does, e.g. DNA, a fingerprint, or a retinal pattern
A practical example of this is an Automated Teller Machine: first you insert your bank card (something you own) and then you provide your PIN (something you know). The two factors together are much stronger than one on its own.
Inherence is the most difficult to replicate, followed by ownership and then knowledge. By using two of three categories, you essentially decrease risk through diversification. Last week, with the announcement of the Heartbleed vulnerability, users who employed TFA were protected from hackers who couldn’t access their second factor.
There are a few other benefits to TFA as well. Professionals will be happy to know that it fulfills compliance requirements for PCI, HIPAA, and PIPEDA if you ever need to transfer any protected health information. Additionally, two-factor authentication makes remote working a little safer – for those days you can’t make it into work.
TitanFile provides the option of two-factor authentication for every user; we use knowledge and ownership credentials to make sure that you are the only one to have access to your information.