With all the stories in the media regarding customer accounts being hacked, it makes me wonder what type of authentication protections those merchants have. Of course, the big buzz in security is to enable two-factor authentication wherever possible. I agree … in fact, all my social media accounts (including WordPress) have some type of two-factor authentication.
Thanks to Google Authenticator, when I go to Google, WordPress, or Evernote, it will ask me for a second factor of authentication. First is the password on the web site. Once I authenticate there, then it asks me for a second authentication, which I locate on the Google Authenticator app that is on my phone (and only on my phone). Other sites have their own individual two-factor authentication scheme. With Twitter, when I am prompted for a second authentication, it alerts me on my phone, and I simply do one click on the phone, then it allows the app through. On Facebook, I go into the Facebook app on the phone, and look for the code authenticator, then punch in that code. So as you see, no outside hacker would be able to authenticate as me. The only concern is what if they stole my phone … well, that’s another issue.
For any online merchant, where you would log in for sensitive data, two-factor authentication, IMHO, is a must. So Target, Starbucks, why oh why don’t you adopt two-factor authentication? This could have prevented customers having their accounts drained. Now, I’m not saying it would never happen, but it surely would reduce the likelihood of having your account drained, due to someone hacking into your account.
This is one reason why I cringe when I see someone pay at Starbucks with their phone. Even if you have a cute password, it can be hacked. I use a password generator, and I have it changed on a periodic basis. Will this prevent being hacked? No, definitely not, but it’s all about making it harder for someone to hack you. It’s just like locking your bike to a bike rack. Will it prevent someone from stealing your bike? No, but it will make it harder to do.