Doin’ the Two-Step

Doin’ the Two-Step

Did you know that your bank, mortgage company, email provider, and utilities company are all inviting you to get gussied up to go boot scootin’ across the cyber-dancehall floor? Have you been turning them down, hiding in the barn, pretending like you don’t need to take an extra step or two to protect your data? Well, I’m here to tell ya’ll that if you haven’t paid two-step or two-factor authentication any mind, then stick around and let me tell you how cuttin’ your own firewood will warm you twice.

You see, when your financial institution or service provider asks you to take that extra step to establish a personal identification number (PIN), enable text verification, register your fingerprint, or do anything else besides set up a basic username and password, then they are only trying to help you keep your data safe as Granny’s snuffbox by enabling two-factor authentication, otherwise known as strong authentication.

The way you get from here to past yonder is to combine two out of three completely different things: something you know, something you are, and something you have. So if you’re an ol’ cowhand who knows August ’18 was so dry the catfish were carrying  canteens, and you are using two old creased hands to repair the barbed wire, and you have an app on your phone that generates a random token every 30 seconds (that your niece downloaded for you the last time she visited from Texas A&M), then that right there is everything you need to do the two-step all over the dancefloor!

This is because something you …

  • Know is how dry the weather was last August was, which can be your easy-to-remember passphrase, 18augustr@n+hewelldry!;
  • Are is the fingerprint on your ol’ leathery hand; and
  • Have is the token generator your niece installed on your phone.

Combine two of those things to access a system, and you're dancin’ away! Another example would be to set up your login to include a fingerprint and a lock pattern, which is possible on most cell phones today. However, if you only establish a password and a PIN #, then that’s single-factor authentication, because it is two of only one factor, something you know.

An example of an app that provides a token (something you have) is Google Authenticator. After entering your username and password, it provides a one-time-use code every 30 seconds to complete the authentication (login) for your Google account. Most institutions are jumping on the hay wagon to implement strong authentication. If you haven’t done so already, then tighten up the slack in your rope by taking advantage of it.

Well, gotta put the rag on the bush now. But before I head for the wagon yard, just remember that the next time a cowboy or filly offers you their hand to dance, then don’t be shy or let the chance blow past you like tumbleweed! Get on out there and do the two-step! You’ll be fine as frog fur knowing that you took the extra steps to protect your data. And when you need help, remember we’re only two hoots and a holler away. Because as long as we got a cyber biscuit, you got half.

(Credit for all of the colorful Texas expressions goes to Texas Monthly Magazine.)