You're probably all heart bled out, but further news of the biggest Internet security failure is worth noting. So now that the patches are up, and we can shop online and check our email without fear (fingers crossed), it's time to have a little chat and do a -- excuse the phrase -- post mortem on Heartbleed.
We know you went to law school because you hated math, but here's a winning formula of what the not-so-distant future looks like, that even you can get: Password + (option 1 below) or (option 2 below) = Secure Two-Factor Authentication.
Passwords Are So 2013
If Heartbleed made one thing clear, it's this: "Passwords are dying. All of them," says Inc. No matter how much effort you put into crafting the strongest logic-defying password ever, technology and the creation of algorithms move just too fast. So what are we supposed to do? Add two-factor authentication. Put simply, two-factor authentication requires two things: a password, and something else.
The "something else" can be one of several options that fall into two categories: things that you have with you, and things that you are, explains Inc. What the "something else" is will depend on service providers. Google already has this feature enabled, but one thing is clear -- more service providers need to start requiring two-factor authentication. There's no way around it if we want to avoid the next ... (insert fancy branded security bug here).
(1) Smartphones and More
Most commonly, the devices we carry are becoming the second step in two-factor authentication: mainly our smartphones, though tokens and USB devices can also generate secret codes. Basically, a code will be sent to you via SMS, or, if you don't have cell service, there is the Google Authenticator app.
(2) Of Cyborgs and Cylons
The other option is to use biological information such as fingerprints (like Apple's iPhone 5), facial recognition, or even our heartbeat, reports Inc. Though not fully developed, you can bet there will be more research and money put into this area post-Heartbleed.
Heartbleed, more than anything, was a wakeup call to all of us -- we are simply too vulnerable using our easy-to-guess passwords. If we want to enhance our online safety and protect our identity, then providers are going to have to offer two-factor authentication -- and we should demand it.