Think about the ways people recognize you in person in your daily life – at the bank, airport, even at your friend’s house when you ring the doorbell. You prove your identity by providing an ID, saying something so they hear a familiar voice, or letting them see your face.
It’s more difficult online. It’s called authentication, and it’s been an ongoing challenge for businesses and consumers alike. When you’re online, businesses can’t compare your photo ID to your physical appearance to confirm it’s actually you giving them the credit card for payment. So, since the early days of the internet, the online proof process has hinged primarily on 2 pieces of information – your username and a password.
Today, the game has changed, and smartphones have a lot to do with that. Advances in technology have given organizations easier and more accurate ways to “authenticate” their users and customers. The beauty is that you are likely already using some of them without knowing it.
Here are a few different examples of common methods used today to help with authentication.
Biometric – This method depends on your physical features to verify your identity. If you have a newer smartphone, you’re probably familiar with using your fingerprint or looking into the front-facing camera to log in to your device or certain apps.
Geolocation – Location information can help a security app determine if you’re connecting from a common or logical location. It can flag to you when there’s an attempt to log in from somewhere that is not a place it thinks you should be.
Trusted device recognition – Similar to geolocation, this is about what is typical. If you typically log in from a specific smartphone or computer, your account can flag when a log-in attempt is coming from a device it’s not used to seeing.
Authentication apps – Some services provide the option of using separate apps that are associated with a verified device. Access requests are directed to the app that is associated with your device, and if someone else tries to access your account using a different device, the app will know and block the attempt.
SMS/Email confirmation – This is one you’re probably familiar with. A one-time PIN is sent to your device via text message or email, and you input the code you received to verify you have access to that device.
Passwords and passphrases – These are still at the heart of most authentication strategies and are based on verifying that you (and only you) should know the credentials. See our guide on how to make your passwords better.
As you can see, a few of these methods happen behind the scenes, but they can go a long way to helping you be more secure. Many companies and services enable something called multi-factor authentication (MFA). This means they could require a mix of the above to prove who you are.
The idea is essentially to create a puzzle in which you need every piece to gain access, making it harder for the bad guy to break into your account. A bad guy can be prevented from getting access to your account if they are unable to create each piece of the puzzle. As a result, your account is safer. Users often need to proactively opt into MFA, and that is highly recommended if it is available.
It’s important to understand and embrace as many legitimate authentication methods as you can. That added security is in place to protect you and your account information.