Passwords are simply not secure as evidenced by numerous password breaches and numerous hacks. Identity theft is increasingly common and increasingly harmful, so we need to evolve our security sooner rather than later. Multi factor authentication is a great way to improve security. In essence, we would augment our current password system with an additional factor (something the user possesses—like an RSA token or ATM card—or something unique to the user’s person—like a fingerprint or retina scan).
Already, many companies distribute RSA fobs that cycle through a unique series of numbers; whenever an employee logs in with the correct password, a secondary check is issued and requires that the user input the number from the RSA device. A few banks offer this system, and Google brought the same idea to their authentication system.
Recently, I started using the Google system and I’m pleased overall; however, I know that we can do better. Why require the user to type in an ever-changing key when we can get at that information another way? That is, use the user’s phone to verify their location and only allow logins from known locations.
That simple idea is the basis of a company started by my friend and grad school peer, Evan. Toopher is two factor authentication made easy. For my convenience and security, I hope that sites use Toopher!