Tumblr has moved to beef up the security of the blogging platform on Monday by implementing a two-factor authentication, though the shift is not unprecedented as the technology landscape is constantly bombarded by threats against individual users.
Search giant Google took the lead in 2010 by offering the formerly known two-step verification process of controlling access to its email service Gmail. In 2011 onwards, social media titan Facebook followed suit, sending the wave of two-factor authentication into other major tech companies such as LinkedIn, Microsoft and Twitter.
Tumblr users are able to use the increased security measure through a unique code that can be sent to their mobile phones or via an authentication application. Users may need to enter these single-use codes on every login or when you are using a new device. Other services may also require users to refresh the authentication every 30 days.
There is also a system that comes as a combination of VPN and two-factor authentication. It works by requiring users to first connect the VPN before getting access to the remote network, which in turn requires a token. The token can be rendered by a mobile app each time users need it to supply the VPN token dialog with the required code.
However, others users are complaining that the system is a bit cumbersome. What happens when you lost your phone? It is also consuming a great portion of time because sometimes the codes take minutes before they reach your inbox.
But, in general, the verification process currently does not seem to be of high priority to these companies. The security system is being implemented just as an optional feature, not a mandatory component of a user’s account.
So far, two-factor authentication remains the best option for protecting various online transactions as cyber hacking and theft of humongous scale proliferated in recent memory. Using this security feature prevents attackers from penetrating accounts, even if they have successfully cracked or obtain the password.
But, to begin with, why does it have to take a two-tiered security feature to counter threats? The users still have the primary responsibility to strengthen the initial stage of security by getting rid of predictable passwords such as “123456”, which turned out to be the most widely used password in 2013. We have seen in recent months a series of attacks that victimized companies and individuals who were using Google apps.
The end-users themselves must reset their minds to the default two-factor authentication setting. In the end, the strength of security relies on the weakest part of the chain, which is the user.
Tony Hewitt says
With more and more lower security sites being hacked open, the age old problem of users with the single password is becoming a serious issue.
We have all been guilty of using one or two passwords for all of our accounts I am sure, but the time has come to take action and either use a single password management system or as you point out more sites need to adopt two factor approach.