
Authentication 101

Published
5 min read

Passwords, Passkeys, FIDO, and TOTP…oh my


Welcome to another section of my blog, where I explain topics as if I were having a conversation with my mom. Today, we’re going to tackle authentication — think passwords and logins — and explore the various options you have.

Let’s Go!

How I felt writing and looking up the newest information on authentication

Introduction: It’s All About the Key

Imagine your house. You have a key, right? That’s your only way in (unless you have a particularly trusting childhood home with a loose window). If someone gets a copy of that key, they can walk right in. Well, at its core, that’s how most online logins work.

Every time you visit a website or use an app, you’re unlocking a digital door. That’s where authentication comes in. It’s like showing your ID to get into a building. It’s how websites and apps verify that you are who you say you are, and not an imposter.

Why is this important? Your online accounts hold valuable information — your personal details, financial data, and even access to your home (if you have smart locks). Protecting these accounts is like protecting your physical wallet and home.

The Basics: Passwords

Passwords are the most common way to authenticate yourself online. It’s like using a key to unlock your digital door. But just like a physical key, a weak password can be easily copied or guessed.

People often make mistakes with passwords. Using easy-to-guess information like birthdays or pet names is a big no-no. Reusing the same password for multiple accounts is also risky. If one account gets hacked, all your other accounts are at risk.

To create a strong password, make it long, use a mix of uppercase and lowercase letters, numbers, and symbols. And most importantly, make it unique for each account.

Multi-Factor Authentication (MFA)

Passwords alone aren’t enough to keep your accounts safe. That’s where multi-factor authentication (MFA) comes in. It’s like adding a second lock to your door.

MFA requires two or more pieces of information to verify your identity, drawn from these three categories:

  • Something you know (like your password)
  • Something you have (like your phone)
  • Something you are (like your fingerprint)

Common MFA methods include one-time passwords (OTPs) sent to your phone, physical security keys, and biometric authentication like fingerprint or facial recognition.

Speaking of passwords. Do you know what Forrest Gump’s favorite password is?

1Forrest1

Let’s Dive Into MFA

Here are some of your options:

  • One-Time Passwords (OTPs): These are temporary codes. Some are sent to your phone by text message. Others are generated by an authenticator app on your phone screen, after you set the app up once by scanning a QR code from the website (these are TOTP apps). You type the current code in to log in. While better than a password alone, they can be less secure if your phone is compromised or if someone takes over your phone number.

Google Authenticator (left) and Microsoft Authenticator (right)

  • FIDO Keys: These are physical devices that you plug into your computer or mobile device. They provide a highly secure way to authenticate yourself. Think of these as tiny, super-secure USB sticks. You plug them into your computer when you want to log in to a website. It’s like adding an extra lock to your digital door. They’re almost impossible to copy or hack.

2 FIDO keys. Google Titan on the left and YubiKey on the right

  • Passkeys: This is a newer technology that promises to replace passwords entirely. Passkeys are easy to use and highly secure. Imagine a super-strong digital key that only you can use. It’s like having a fingerprint that unlocks your phone, but for all your online accounts. No more remembering tricky passwords! You can use it on your computer, phone, or even a smart watch.

FIDO keys and Passkeys are making it much harder for bad guys to sneak into your online life.

Password Managers

Now, I get what you’re thinking. “Jose, how am I supposed to manage a million passwords that are all unique and complicated?” Managing multiple strong, unique passwords can be a headache. That’s where password managers come in. Think of them as a digital vault for your passwords.

Password managers generate strong, random passwords for each of your accounts and store them securely. They also make it easy to access your passwords when you need them. Many password managers also offer additional security features like MFA and fraud alerts. A couple of good places to start looking are Bitwarden and the native password manager for your phone’s OS, like Apple’s password manager (which also supports Passkeys).

Conclusion

Strong authentication is essential for protecting your online life. By combining strong passwords, multi-factor authentication, and a password manager, you can significantly reduce the risk of unauthorized access to your accounts.

Where you choose to start is up to you. If you can’t decide, I recommend starting at the simplest point for you. Whether that is using your native password manager and then using Passkeys from there, or maybe you go fully into it and buy some FIDO keys online.

Remember, your digital life is just as important as your physical life. Take the time to implement these security measures and protect yourself from cyber threats.

My Overall Recommendation (Ordered by Priority):

  1. Use unique and strong passwords
  2. Don’t reuse passwords
  3. Use a password manager
  4. Enable Multi-Factor Authentication (2FA or MFA), with at least SMS codes or a TOTP app
  5. Consider Passkeys
  6. Consider physical keys like Titan or YubiKeys

Additional Tips:

  • Be cautious about clicking on links or downloading attachments from unknown sources.
  • Keep your software and operating system up to date with the latest security patches. (Keep your Mac up to date, update Windows)
  • Use a reputable antivirus and anti-malware program. (Yes, Windows Defender is fine, and great)
  • Consider using a VPN for added privacy and security.

By following these tips, you can create a strong defense against cybercriminals and enjoy a safer online experience.