Passwords Part 3: “Why do companies text me codes when I just want to log in on their website?”


“Why do companies text me codes when I just want to log in on their website?”

I know, this can be annoying; the seemingly constant barrage of texted codes to input just to be able to sign in.

Let’s talk about 2-Factor Authentication :

What is it?

In the world of IT security, there are multiple ways to authenticate (that is, validate you are who you say you are). We split these up into three factors:

  1. Something you know (like usernames, passwords, social security numbers, etc.)

  2. Something you have (like keys, cell phone, access cards, etc.)

  3. And something you are (in use with fingerprint or eye scanners, etc.)

So two-factor authentication means using two of the above 3 things. By far the most popular is a combination of passwords (something you know) and text message codes (something you have, cell phone).

“okay okay, but what does that do besides annoy me?”

In short - a whole lot!

Imagine you’re a hacker in Russia (a popular hacker spot these days), and you have the user name and passwords for tons of Americans’ online banking systems. Sure, individually they may or may not have a lot of money in there, but if you log into all of them, you can pull a pretty sweet amount of money back to you, over in Russia, right?

Wrong! Most banks force two-factor authentication on you, and with good reason.

Now that you need more than the password to be able to log in, that person in Russia has little to no chance of successfully logging in. They may have your password, but they don’t have your cell phone, which is likely in your pocket or purse. So, they’re out of luck, and your money is safe.

More and more websites have turned to 2-factor authentication because of how much more secure everything is when they use it. If they give you the option, you should enable it. It may be a minor inconvenience for you, but it is a very successful shut-down for would-be hackers.

So, the next time you’re in a rush and you have to receive a code, you might still be annoyed, but at least you can feel secure knowing that would-be hackers are having a worse time than you are with this whole system.

Want to know more about passwords? Check out Parts 1 & 2 of the password blog entries!

Recent Posts