The Internet was never constructed with security in mind and the prevalence of passwords as an identifier and authenticating tool has been exploited by hackers and identity thieves many times including the infamous hacking last year of nude celebrity photos. In some instances by using the “forgot password” link on Apple’s iCloud,, the hacker answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the photos were stolen by directly hacking the phones. Passwords, in general have been found to be vulnerable to determined hackers. A security improvement on passwords is dual factor authentication. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other celebrities whose nude photos were hacked used the dual-factor identification protocol, they would still have their privacy.
Now, Yahoo has announced that it in the future it will eliminate passwords as an authenticating tool and instead will use a new Account Key option through which people can access their Yahoo account by using a code sent to their smartphones each time they wish to securely access their emails. This is definitely a step in the right direction and a number of companies already use dual factor authentication, however, it should not be thought to be a panacea that will provide total security. Hackers have already managed to crack dual factor authentication through such tactics as installing malware on the victim’s computer that permits it to piggyback on the web session being done by the victim who has used his or her dual factor authentication program to be able to access his or her account.
Dual factor authentication is certainly an improvement over merely using a password as the sole manner of authenticating the use of an online account, but it is far from foolproof. Never underestimate the power of a fool. However, certainly by using dual factor authentication, you remove yourself from the category of low hanging fruit and make yourself less attractive of a target to hackers. As much as I think we all should use dual factor authentication, I also want to remind everyone that one of the best things you can do to protect yourself from hacking and identity theft is to refrain from clicking on links unless you have absolutely confirmed that the link is legitimate. Being lured into clicking on malware infected links through phishing and spear phishing is still the number one way that hackers manage to install malware on your computers, smart phones and other devices.