Two-Factor Security: Google's Got It, So Why Doesn't Your Bank?
Online security really hasn't changed much over the years. You have a user name, you have a password, and that's about it.
And if somebody happens to steal or eavesdrop on those login credentials, you're screwed. It's really that simple.
If you have ever worked for a large company, however, you might know that it's not always that simple. Enterprises have long used a technique called two-factor authentication to deliver stronger account security. Besides a regular password, you need something else -- a fingerprint reader, for example, or a magnetic swipe card -- to prove that you're authorized to log into a system.
It's often described as security through a combination of "something you know" (e.g. a password) and "something you have" (e.g. your fingerprint or a card you carry).
Two-factor authentication is very, very good at keeping systems secure. And while it can be costly and complicated to implement, it doesn't have to be. Google, for example, just rolled out the technology to all of its users, and I plan to start using it immediately.
Here's how it works in a nutshell: When you log into a service like Gmail or Google Apps, you'll have to enter your usual password plus a special code sent to you via wireless text message or smartphone app. The code only works for a few minutes, so a stolen code quickly becomes useless.
How you use the service really depends upon where and how you work. You can set it up to authenticate a system like a desktop PC just once, so that you're not constantly checking your cell phone for a new code.
If you're traveling, however, maybe you do just that -- require a new code every time you log into Gmail. That way, if somebody makes off with your laptop, they won't have access to your email or online documents.
The setup process for two-factor authentication takes a few minutes, and there are some wrinkles for overseas users and other special cases. But for 95 percent of all Gmail users, it's fairly quick and painless. And yes, there are backup procedures in place in case you lose your cellphone or can't download the code.
Should you bother using two-factor authentication? I'm going to use it because my Gmail account is so important to both my personal and business affairs; I can't afford to let anyone compromise it. If your email account is of little value to you and your business, then your mileage will vary.
If you do run a business, however, and rely upon Google's email and other services, then I think it's foolish not to take advantage of the system's extra security.
All of this raises another big question, by the way. There's another kind of online service that none of us want to see compromised: banking. So why don't the nation's banks offer (or require) two-factor authentication for their users? Why is Google leading the way here, rather than Bank of America or Wells Fargo?
I think it's a good question. And I think the banks -- and the banking regulators -- need to figure out the answer.



