contadores de paginas web Saltar al contenido

The third factor of authentication is it necessary?

tercer factor de autenticacion

Most internet companies and services are looking for users to enable two-step checks to add an additional layer of security this way.

It is something that they have been taking very seriously and for which they have invested many resources since they seek to increase the level of security without losing at the same time the usability or comfort of access.

It has also become almost indispensable after the numerous password leaks that have occurred in recent times, affecting all kinds of sites and even giants like Yahoo.

There is a site called haveibeenpwned.com created by a security specialist that collects information about all these leaks, there one can enter their email address to check if they have ever been exposed and would say that most of us have at least one account that is has been compromised.

The key to double-checking is that in addition to entering a password, something that could be stolen from us relatively easily, a second step must also be completed with something that we have and is more complicated to steal.

Generally this second step is the entry of a random PIN that we receive in our mobile, a confirmation through an App that we must have installed and even the connection of a USB key in the equipment.

The accesses can also be reinforced with notifications that are received every time someone accesses a system, even when it is we who access it. This may seem annoying to many users, but it would allow detecting unauthorized access in a simple way, something that can also be done through access or activity logs such as Outlook and Gmail.

In this way we can be calmer, although these second factors are not infallible either. For example, it would be enough for someone to have physical access to our mobile phone or to infect it to violate it.

That is why for a long time we have been talking about a third authentication factor, in this way the first will be something that we know, the second will be something that we have and the third could be something that we are.

In this last group some technologies such as fingerprints, facial, voice and even iris identification are already in play, it could also be possible to implement some geolocation system or devices that must be in the same place (for example, the mobile phone together to a smart watch).

There are many alternatives that could work as a third factor and will ensure, to a certain extent, that the user who enters the first two data is the real user and not a cybercriminal.

For the vast majority it may seem an exaggeration to add so much security for a simple login, but when handling sensitive or confidential data it is something necessary and that many people will surely use.

At the moment most services only offer two verification steps, so if you are not using them this would be a good time to activate them.