Securing Identities: Two-Factor Authentication in the Hacking Age February 9, 2016 by Eric Schreiner customer profile data, security, social login, two-factor authentication Global privacy issues, data breaches, and security concerns are common headlines these days. More than 357 million people have been negatively impacted over the last two years by data breaches at some of the world’s largest consumer brands. More recently, Amazon made big news after it was revealed the retail giant allegedly released sensitive information about a customer as the result of a simple and rather embarrassing social engineering hack. This is yet another stark reminder that hackers have many tools in their arsenal, and how protection of consumer data by companies who store that information must be a high priority issue both at the C-level and across brand marketing. Social engineering presents unique challenges when it comes to protecting consumer data. Even companies with strong security practices are vulnerable to these attacks because they target the weakest link in the chain: people. The single most effective countermeasure against these attacks is awareness training for support employees with access to sensitive consumer information. While much of the security falls to the companies that actually store consumer data, there are steps consumers can take to safeguard their private information stored in the cloud. For example, as difficult as it may be to believe, ‘123456’ is still one of the most common passwords in use today. Please don’t do this. Some consumers also still use the exact same password for multiple sign-ons, which amounts to basically just opening the door to your data. This is where social login can make all the difference. Rather than creating a new password for every website, just reuse an existing identity (e.g. via Facebook or other social platforms) and you’ll have fewer passwords to remember. Definitely make sure that identity is well secured with a strong password and, ideally, two-factor authentication. Marla Hay, Janrain director of product, discussed the benefits of two-factor authentication in a previous blog post. Two-factor authentication can help thwart social engineering attacks since a cyber-attacker who gets your password would also need that second factor at the time of the attack, which is typically sent only to your personal mobile device. That’s not to say two-factor authentication is bulletproof, but it certainly makes it much more challenging for an attacker to gain access. Many large identity providers currently support two-factor authentication, and this can be an especially important feature for your primary email account (e.g., Google, Yahoo!) or accounts that hold your credit card information (e.g., PayPal and Amazon). With more and more personal consumer data being stored in the cloud, unlocking exciting and engaging services for consumers, the balance between security and usability must constantly be monitored. This burden is shared by both the business storing information on behalf of consumers as well as consumers themselves. For more details, download Janrain’s white paper on security and usability here.