Your Passwords Suck

Let’s be honest. Your password is probably “password123.” Or your dog’s name followed by your birthday. And you’ve been using it for every single account you own since the dawn of time. I get it, remembering a bunch of complex passwords is a pain. But so is a data breach. We need to talk about authentication.

Authentication is just a fancy word for proving you are who you say you are. Passwords are a part of that, but they’re not the only way, and they’re definitely not the best way on their own.

The Three Factors of Authentication

Security pros talk about authentication factors. There are three of them, and for good security, you should be using at least two. This is called Multi-Factor Authentication (MFA). It’s way more secure than just a single password.

  1. Something you know: This is the most common one. Your password, a PIN, or the answer to a secret question. It’s information only you should know. The problem is, this information can be guessed, stolen, or phished.
  2. Something you have: This is a physical or digital item in your possession. Think of a security token, a smart card, or a one-time code sent to your phone. It’s a second layer of security because an attacker would need to steal your physical item to get in.
  3. Something you are: This is a biometric factor. It’s based on your unique physical traits. Your fingerprint, a retinal scan, or even facial recognition. It’s hard to fake because it’s a part of you.

You might be familiar with MFA from your banking app. You enter your password (something you know), and then the app sends a code to your phone (something you have). You need both to log in. That’s a simple and effective example.

Password Management: The Hard Truth

I’ve already told you to stop using simple passwords. But how do you remember a different 16-character password with letters, numbers, and symbols for every single site? You don’t. You use a password manager.

A password manager is a secure tool that creates, stores, and manages all your passwords for you. You only have to remember one master password to unlock the manager. It’s a game-changer. It means you can have a ridiculously complex password for every account without having to write them all on a sticky note under your keyboard.

Also, don’t reuse passwords. If one site gets breached, and you’ve used the same password on five other sites, a single attacker can get into all five. That’s why we see so many “credential stuffing” attacks where hackers use stolen passwords to try to log into other services. Don’t be the low-hanging fruit. Turn on MFA everywhere you can. Use a password manager. Your future self, the one who hasn’t been locked out of their accounts, will thank you.
