Authentication methods and stronger security in Google and Facebook

Authentication is the process of identifying an individual, an artifact or something that needs to be identified. We “practice” authentication every time we log in to an account, for example, our computer operating system, hotmail or facebook accounts, a bank application and more.

When we talk about authentication we usually deal with one of the three general options available:

  • Something that you know: This is the most common method everywhere. We just have to know “something” and remember it each time we need to log in to an account. Usernames, passwords, NIPs, all of them are “things” we know and we type them when we want to access our accounts. The weak behind this method is that if someone else knows this information, that person could access our accounts in the same way as we do.
  • Something that you have: This is a stronger method than previous one. Here you need to possess something in order to be able to log into the system. Tokens and security cards are examples of this kind of authentication. When you want to access, the system requests something that you will find exclusively in the device that you own. This could be a combination of characters or numbers, a code that you have to type, even the information inside of a card that you just have to slide or place inside a card reader. The weak behind this method is that someone can stole the device and also he will be able to access our accounts.
  • Something that you are: This is also known as “biometric” authentication. This is the strongest type of authentication and it’s usually the most expensive. When you request the access to a system some samples need to be taken from you. They can be fingerprints, retina or iris scanning, voice recognition, the writing of your signature or something that you need to provide physically, I mean, you need to be there to prove your identity. This is the strongest type because is much more difficult to copy or stole this kind of information like your fingerprints or your retina not to mention that you would need special artifacts to obtain the information.
  • In all the scenarios the information you provide is compared to a database with the information of the entities capable of access the system.

    Recently the 2 factor authentication is becoming famous on Internet. Two factor authentication is the combination of two of the above methods when authentication is required. The most common combinations are:

  • “something that you know” + “something that you have”
  • “something that you have” + “something that you are”
  • When you want to access, the system will need both elements to be able to validate your identity. You may remember bank applications where you first need to provide a password, username or account number and then you need to provide the information given by the token you have. Probably with every transaction you will need to provide again the information given by the token. These applications use two factor authentication methods.

    In high security systems and companies another two factor authentication method is used. They validate something that you have like a security card and validate something from you (personal) like your voice or your fingerprints.

    There are some popular applications and services that already use the 2 factor authentication method. Facebook and Google. The option is turned off by default in both systems but you can activate it anytime you want. In Google you just have navigate to your account settings, in the upper right corner, and there you will find an option named “Using 2-step verification”. In Facebook you have to navigate to your “Account Settings” too, then click on “Account Security” and you’ll find interesting options like “Secure Browsing” which is highly recommended to prevent “sniffing”, also “Login notifications” and “Login approvals”. This last option forces the system to send you a message to your mobile when an unrecognized computer or device is trying to access to your account. If that happens you will have also to introduce the code sent to your device.

    2 thoughts on “Authentication methods and stronger security in Google and Facebook”

    1. Thanks a lot for sharing this wonderful folks you really understand what you’re speaking about! Bookmarked. Kindly also check with my site =). We can have a hyperlink change arrangement among us!

    Comments are closed.