After the Heartbleed. It May Be Time for Two-Factor Authentication - Technologist
Technologist - The FindLaw Legal Technology Blog

After the Heartbleed. It May Be Time for Two-Factor Authentication

You're probably all heart bled out, but further news of the biggest Internet security failure is worth noting. So now that the patches are up, and we can shop online and check our email without fear (fingers crossed), it's time to have a little chat and do a -- excuse the phrase -- post mortem on Heartbleed.

We know you went to law school because you hated math, but here's a winning formula for the not-so-distant future that even you can get: Password + (option 1 below) or (option 2 below) = Secure Two-Factor Authentication.

Passwords Are So 2013

If Heartbleed made one thing clear, it's this: "Passwords are dying. All of them," says Inc. No matter how much effort you put into crafting the strongest logic-defying password ever, technology and the creation of algorithms move just too fast. So what are we supposed to do? Add two-factor authentication. Put simply, two-factor authentication requires two things: a password, and something else.

The "something else" can be one of several options that fall into two categories: things that you have with you, and things that you are, explains Inc. What the "something else" is will depend on service providers. Google already has this feature enabled, but one thing is clear -- more service providers need to start requiring two-factor authentication. There's no way around it if we want to avoid the next ... (insert fancy branded security bug here).

(1) Smartphones and More

The most commonly used second step is a device that we carry, mainly our smartphones, though tokens and USB devices can also generate secret codes. Basically, a code will be sent to you via SMS message, or, if you don't have cell service, there is the Google Authenticator app.
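How can an app produce codes with no cell service? The sketch below is an added example, not code from this post, Inc., or Google: it assumes the standard time-based one-time password scheme (RFC 6238) that authenticator apps implement, and the account record and function names are hypothetical. It also shows the "formula" above as a server-side check where the password and the code must both pass, and a code cannot be reused.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret_b32, unix_time, digits=6):
    """Code for one time step; needs only the shared secret and a clock."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_account(password, secret_b32):
    """Hypothetical server-side record; every value here is constructed."""
    salt = b"constructed-salt"
    return {"salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
            "totp_secret": secret_b32,
            "last_step": -1}  # highest time step already accepted

def verify_login(account, password, code, unix_time, window=1):
    """Factor 1 (password) AND factor 2 (code); each code works once."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], 100_000)
    pw_ok = hmac.compare_digest(pw_hash, account["pw_hash"])
    now = int(unix_time) // STEP
    matched = None
    for step in range(now - window, now + window + 1):  # tolerate clock drift
        if step <= account["last_step"]:
            continue  # this step was already used: refuse replay
        expected = totp(account["totp_secret"], step * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    if pw_ok and matched is not None:
        account["last_step"] = matched
        return True
    return False

# Constructed sample: the RFC 6238 test secret, base32-encoded as apps expect
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    acct = make_account("correct horse", SECRET)
    code = totp(SECRET, 59)
    print(code, verify_login(acct, "correct horse", code, 59))
    print("replayed:", verify_login(acct, "correct horse", code, 59))
```

A stolen password alone fails this check, and so does a code that was captured after it was used once.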

(2) Of Cyborgs and Cylons

The other option is to use biological information such as fingerprints (like Apple's iPhone 5), facial recognition, or even our heartbeat, reports Inc. Though this area is not fully developed, you can bet there will be more research and money put into it post-Heartbleed.

Heartbleed, more than anything, was a wake-up call to all of us -- we are simply too vulnerable using our easy-to-guess passwords. If we want to enhance our online safety and protect our identity, then providers are going to have to offer two-factor authentication -- and we should demand it.
