The username and password process is very tenuous at best. While the process seems to do its job for the most part, it still has so many holes in it. These are the holes that are found all of the time and exploited by the black hat hackers of the world. You can never discount the creativity in people when they really want to accomplish something. And you can see this creativity at work when you see hackers attacking a system.
To be able to counter the creativity of the black hat hackers out there, the good guys have to be creative as well. They cannot just sit by and not be proactive when it comes to stopping security threats. That does not work and it leaves you playing defense all of the time. No, if you want to be able to stop the bad guys out there you must be willing to get on the ground and play dirty with them.
One of the most creative solutions that we have seen recently is the adding of two factor authentication to web sites. Every day we are seeing more and more web sites adding this type of security to their web services. One of the biggest names in email, Gmail, was one of the first major companies to use the new two factor technology. Now another big email company, namely Yahoo, has added the security feature to their repertoire as well.
What does two factor authentications do?
In the normal password and username process, the person inputs these two pieces of information into a form on a web site. The information is then sent to a server, verified, and if correct is sent back to the browser. The user is then confirmed and they are allowed into the web site. With two factor authentication an extra step is added. Once your username and password has been accepted they now send a security question at you. This security question is a little harder to guess by the bad guys. And if the bad guys guess is wrong and the IP address is questionable, the site will lock out that IP address. That is in some cases.
These extra steps really magnify the security of web sites on the net.