Technology is ever-evolving. Nowadays, it's easier to access our phone, open our banking app and send money to anyone.
But the question is, have you opted to enable your two-factor authentication?
I have a short story to tell.
One of my friends was playing the very popular Call of Duty game on his mobile device. His phone is an iPhone that no longer has the power button but instead relies on facial recognition, which he has on. While playing the game and closing all the promotional advertisement pop-ups in it, he unwittingly clicked an option to buy. His payment details are connected with the phone’s facial recognition.
So, long story short, his face enabled the purchase of an in-game item he did not intend to buy in the first place.
Multi-Factor Authentication Schemes
In cybersecurity, multi-factor authentication schemes control who gains access to a computer. The same concept applies to gaining access to anything or anywhere. Very simply, it involves:
- Something You Have
- Something You Know
- Something You Are
- Somewhere You Are
Something You Have
This is a physical item that will open something. For a computer, this may be a flash drive that boots up the computer. It can be a key to a room or house, or your ATM card for accessing your bank account. Nowadays, phones fall under this category, since you can grant access to an email account on another device by using your phone.
Something You Know
This is a password that you set or that is given to you. Back in the day, when making your own Yahoo! account, there was a security question in case you forgot your password. This, too, falls within the scheme of ‘something you know’. Another thing that falls into this category is the one-time PIN sent to you by your bank or other service providers.
Something You Are
This involves you as a person: a physical characteristic like your fingerprint, your face, your irises, or even your voice.
Somewhere You Are
This entails the geographical location from which you are accessing something. It is most commonly experienced by Google Account holders, who are notified when their email is accessed from outside the geographic region where it is usually accessed. For example, you reside in the Philippines and have never once opened your account elsewhere. Then suddenly, someone tries to access your account from Ukraine. Google notifies you of the attempt and disallows access to the email.
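As an added illustration (not code from the original post), the sketch below shows how a login check could apply these four categories: it counts distinct categories rather than credentials, so a password plus a security question is still one factor, and it refuses a login from outside the usual region as in the Google example. The function name, credential labels and two-category policy are assumptions made for the example.

```python
# Added example: categories follow the article; names and policy are assumptions.
from dataclasses import dataclass

# Credential -> category, using only the examples the article gives.
CATEGORY = {
    "password": "know",
    "security_question": "know",
    "phone": "have",
    "atm_card": "have",
    "flash_drive": "have",
    "fingerprint": "are",
    "face": "are",
    "voice": "are",
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def evaluate_login(presented, country, usual_countries, required=2):
    """Decide a login from verified credentials and the request's country."""
    unknown = [c for c in presented if c not in CATEGORY]
    if unknown:
        return Decision(False, f"unrecognized credential: {unknown[0]}")
    # "Somewhere you are": refuse access from outside the usual region.
    if country not in usual_countries:
        return Decision(False, f"unusual location: {country}")
    # Count distinct categories, not credentials: two secrets are one factor.
    categories = {CATEGORY[c] for c in presented}
    if len(categories) < required:
        return Decision(False, f"only {len(categories)} factor category presented")
    return Decision(True, "factors: " + ", ".join(sorted(categories)))

if __name__ == "__main__":
    usual = {"PH"}  # constructed sample: account only ever used in the Philippines
    samples = [
        (["password", "security_question"], "PH"),
        (["phone", "face"], "PH"),
        (["password", "phone"], "UA"),
    ]
    for creds, country in samples:
        print(creds, country, evaluate_login(creds, country, usual))
```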
Okay, so now back to my story.
In this scenario, my friend has two-factor authentication enabled. He has his phone, as a trusted device, which is a “something you have” under the authentication scheme, and he has his FaceID, which is a “something you are.” But even then, it was easy for him to make the purchase, since his card information is already stored on the phone. Without the two-factor authentication, the wrongful clicking of the option would have immediately consummated the sale. But the added FaceID would have prevented the transaction if only the phone had not been pointed at his face.
In general, the point is that for more security on your devices, especially with the advent of mobile banking, it is important to have your two-factor authentication on.
This ensures that every transaction you enter into is authorized by you. The one-time PIN (OTP) used by banks is part of the multi-factor authentication scheme; it can be categorized as “something you know”. That is why you should not share it with anyone.
The device in your hand, which is “something you have,” coupled with the OTP, “something you know,” facilitates a secure two-factor transaction, be it just opening your email accounts or money transactions with your bank. Always heed the advice of banking institutions, which often send out advisories via messages.
This two-factor OTP scheme might seem like an inconvenience, and admittedly it is not as elegant as FaceID, but it gives you better security.
The more authentication factors you have, the more secure your accounts are, since even if your password gets compromised, you still have another layer of protection.
Think of it as a vault within a vault. One key is not enough.