It seems like consumer data is compromised in some massive data breach every other week. You should expect the companies you do business with to do everything possible to prevent data breaches and protect your data, but it's unreasonable to believe it will never happen. It's up to you to take additional steps to protect your own data, and minimize the potential fallout from a breach as much as you can. One of the best ways to do that is with two-factor authentication.
Dairy Queen and Kmart are just two of the more current examples of major retail chains that have had their point-of-sale systems compromised--resulting in attackers' capturing sensitive customer data. Target, Home Depot, and UPS have also been victims of recent data breaches. Personal information and credit card data from tens of millions of consumers is now in the hands of criminals, and at risk of being used for fraudulent activity or identity theft.
Whenever a breach occurs, there are calls to use strong or complex passwords, but passwords alone can't protect you. The Verizon 2014 Data Breach Investigations Report found that two-thirds of breaches are the result of weak or stolen passwords.
Authentication--the process of verifying your identity--comes down to three essential things: something you know, something you have, or something you are. It takes at least one of these to prove you are who you say you are. For better protection, though, you should use two-factor or multi-factor authentication that includes at least two different methods of authentication.
The problem with using just something you know--like passwords--is that it can be shared, guessed, or cracked. A username and password might seem like "two factors," but they're actually both something you know, and the username is often predictable or trivial to guess, leaving you with just a password.
Google, Apple, and Microsoft have all implemented some form of two-factor authentication for user accounts. In order to add new devices, or access or change information on the account, users with two-factor authentication must also enter a code of some sort that is sent to the email address or phone number on record for the account. Even if your password is compromised, and an attacker attempts to access your account, odds are less likely that the attacker has already hacked your email account, or happens to be in possession of your mobile phone.
Some credit cards contain an embedded chip that serves as an additional authentication mechanism. An attacker may capture the magnetic stripe data, and be able to create a clone of a simple credit card, but without the associated chip the credit card won't work. Chipped credit cards are widely used in Europe, but are just beginning to be introduced in the United States.
Sign up for Computerworld eNewsletters.