SASKATCHEWAN RESEARCH COUNCIL
Why Two-factor Identification is
a Good Idea and How it Works
Advice for business owners
As the digital age continues to expand and our everyday
tasks (e.g., emailing, banking, online storage) continue
moving to the cloud, there seems to be never-ending requests
for new login usernames and passwords.
For cloud service providers (those that o!er free email, banks, credit
card companies, business sites) and your workplace, you likely need a login
username and password to access your data. (And your home computer
and personal devices should have login credentials enabled, too!)
Password requirements vary from one cloud system to the next and in
some cases, there are no format or length requirements. Herein lies the
problem for you (and your workplace) – it’s an opportunity for hackers to
gain access to your con"dential information.
Cloud application providers with no requirements for their password
lengths, composition or expiration (i.e., length of time before you need to
change your password) allow you to use the same login username and password
at multiple sites. #e problem with this is once one site is compromised
and your password is exposed, hackers can start using your login info
at other sites (e.g., targeting popular social networking sites).
So, although these providers might be easy to access, the risk is greater
than the bene"t of what you’re signing up for.
Ideally, websites will require password length, composition or expiration,
but of course this creates a new problem: “How do I remember all my
di!erent login credentials?”
One simple solution is to write them down and stick them to your monitor
or under your keyboard. It’s probably not the worst solution to maintain
your list, but also not the best since hackers and thieves know where
to look for this info at places of business or homes. #ere are also password
protection/generation applications, but the best ones come at a price.
So, what can a business or each of us as individuals do? #is is where
a subset of multi-factor authentication, called two-factor authentication,
helps prevent the unauthorized use of your login username and password.
If you think of your password as the "rst “factor,” then adding one more
step is the second or “two-factor.”
#e “two-factor” can be based on something you “know” or “have” or
“are” or somewhere you are.
Something you “know”
#e simplest to set up and the most commonly available to consumers (nonbusiness
solutions) is the something you “know.” #is is usually o!ered by
By Chuck Ingerman, Saskatchewan Research Council
OLEKSANDR OMELCHENKO / 123RF
thinkbigmagazine.ca | Quarter 2 2021 | Think BIG 47
/thinkbigmagazine.ca
/thinkbigmagazine.ca