While these situations and others like them are the result of various underlying security issues, the reliance on only a username and password to authenticate an individual's identity does not provide enough security for sensitive data. Two-factor authentication requires that two different methods of authentication be used for added security. By requiring something in the user's physical possession like a smartcard, or relying on a unique characteristic of the individual like a fingerprint in addition to the username and password, security is improved and attackers are unable to steal an identity or impersonate a user by simply compromising their username and password. You can learn more about two-factor authentication by reading What is Two-Factor Authentication?
Using Two-Factor Authentication
From Tony Bradley, CISSP-ISSAP, About.com GuideFebruary 12, 2009
In the past year or so there have been a number of examples of situations where a simple username and password have proven to be insufficient for security. During the Presidential campaign last Fall Republican Vice Presidential nominee Sarah Palin's Yahoo email account was broken into. French President Sarkozy has been the victim of unauthorized access to his bank account. More recently, Monster.com experienced a data breach compromising the usernames and passwords of Monster.com users.
Related Articles
Explore Internet / Network Security
©2012 About.com. All rights reserved.
A part of The New York Times Company.
2-Factor authentication is indeed critical to securing data and IT resources. Without it, all the encryption and network monitoring in the world won’t help you — if something is protected only by a password, then it can be compromised without detection simply by stealing/guessing/buying/finding that password. SafeTelework.com is a great example of a remote access service that has 2-factor authentication built in. Other systems can be secured by products from RSA or Entrust. Whatever you do – do something!