1
00:00:00,120 --> 00:00:00,990
In this lesson,

2
00:00:00,990 --> 00:00:02,250
we're going to talk about the importance

3
00:00:02,250 --> 00:00:04,350
of using multifactor authentication.

4
00:00:04,350 --> 00:00:07,350
So what exactly is multifactor authentication?

5
00:00:07,350 --> 00:00:08,940
Well, multifactor authentication

6
00:00:08,940 --> 00:00:11,460
means that you're authenticating or proving your identity

7
00:00:11,460 --> 00:00:13,140
using more than one method.

8
00:00:13,140 --> 00:00:14,400
For it to be multifactor,

9
00:00:14,400 --> 00:00:16,590
you have to at least two methods or more.

10
00:00:16,590 --> 00:00:18,690
You can have two, three, four, or five.

11
00:00:18,690 --> 00:00:20,700
Now, when you talk about different methods,

12
00:00:20,700 --> 00:00:22,500
we're talking about different categories.

13
00:00:22,500 --> 00:00:23,910
We're talking about something you know,

14
00:00:23,910 --> 00:00:25,680
something you have, something you are,

15
00:00:25,680 --> 00:00:27,780
something you do, or somewhere you are.

16
00:00:27,780 --> 00:00:30,090
We're going to talk about each of these in this lesson.

17
00:00:30,090 --> 00:00:32,070
Now our first one is something you know,

18
00:00:32,070 --> 00:00:33,690
and this is the most common factor,

19
00:00:33,690 --> 00:00:35,730
and it's known as a knowledge factor.

20
00:00:35,730 --> 00:00:37,680
This is because you have to know something.

21
00:00:37,680 --> 00:00:38,670
If it's something you know,

22
00:00:38,670 --> 00:00:40,800
this would be something like a username, a password,

23
00:00:40,800 --> 00:00:43,380
a PIN, or answers to personal questions,

24
00:00:43,380 --> 00:00:45,810
all of these are considered knowledge factors.

25
00:00:45,810 --> 00:00:48,060
If you know it and I can try to figure it out,

26
00:00:48,060 --> 00:00:50,160
then I would know it, and now I have that knowledge too,

27
00:00:50,160 --> 00:00:52,200
and I can authenticate as you.

28
00:00:52,200 --> 00:00:53,880
Now one of the common questions I see

29
00:00:53,880 --> 00:00:56,070
inside the Network+ exam is asking you,

30
00:00:56,070 --> 00:00:58,590
what would be considered two-factor authentication?

31
00:00:58,590 --> 00:01:00,270
Now one of the answer choices they'll give you

32
00:01:00,270 --> 00:01:02,610
will be something like a username and a password.

33
00:01:02,610 --> 00:01:03,937
Now a lot of students will see this and they'll think,

34
00:01:03,937 --> 00:01:05,790
"Hey, this is a username and a password.

35
00:01:05,790 --> 00:01:06,849
That must be two factors, right?

36
00:01:06,849 --> 00:01:08,490
Because I have two things."

37
00:01:08,490 --> 00:01:09,600
But that's not true,

38
00:01:09,600 --> 00:01:12,330
a username and password both come from this factor,

39
00:01:12,330 --> 00:01:15,000
which is known as the knowledge factor or something we know,

40
00:01:15,000 --> 00:01:17,700
therefore, it's still considered a single factor.

41
00:01:17,700 --> 00:01:20,040
Now this is not going to give you the best security,

42
00:01:20,040 --> 00:01:22,740
so instead we want to add a second factor

43
00:01:22,740 --> 00:01:25,320
to get us 2FA, two-factor authentication,

44
00:01:25,320 --> 00:01:27,480
or multifactor authentication.

45
00:01:27,480 --> 00:01:30,090
So what are some weaknesses with passwords?

46
00:01:30,090 --> 00:01:31,470
Well, the most common weakness

47
00:01:31,470 --> 00:01:33,840
is that people don't change default credentials.

48
00:01:33,840 --> 00:01:36,060
You might have a default password on a brand new system,

49
00:01:36,060 --> 00:01:37,950
like a wireless router or access point,

50
00:01:37,950 --> 00:01:39,510
and the password is password,

51
00:01:39,510 --> 00:01:41,370
and nobody ever bothers to change it.

52
00:01:41,370 --> 00:01:42,600
I've seen this time and time again

53
00:01:42,600 --> 00:01:43,890
in my penetration tests.

54
00:01:43,890 --> 00:01:45,120
Don't do that.

55
00:01:45,120 --> 00:01:46,380
Whenever you get a new device,

56
00:01:46,380 --> 00:01:48,630
you need to go in and change those default credentials,

57
00:01:48,630 --> 00:01:51,510
because default credentials are really easy to guess.

58
00:01:51,510 --> 00:01:53,760
Also, people will use common passwords

59
00:01:53,760 --> 00:01:55,560
and that becomes a big issue.

60
00:01:55,560 --> 00:01:57,210
Now when you talk about common passwords,

61
00:01:57,210 --> 00:02:00,150
that means using the same password across multiple devices

62
00:02:00,150 --> 00:02:03,540
or using a common phrase or word as their password.

63
00:02:03,540 --> 00:02:05,940
Things like love, and password, and secret,

64
00:02:05,940 --> 00:02:08,160
those things are just way too common.

65
00:02:08,160 --> 00:02:09,660
Now every year there's a dictionary

66
00:02:09,660 --> 00:02:11,670
that comes out called the attacker's dictionary,

67
00:02:11,670 --> 00:02:14,160
and it shows all the commonly used passwords.

68
00:02:14,160 --> 00:02:16,290
We can use those passwords in that list

69
00:02:16,290 --> 00:02:17,123
as part of a dictionary attack

70
00:02:17,123 --> 00:02:18,840
to be able to find your password

71
00:02:18,840 --> 00:02:20,790
pretty darn quickly in most cases.

72
00:02:20,790 --> 00:02:23,100
Now another issue we have is that people use weak

73
00:02:23,100 --> 00:02:24,510
or short passwords.

74
00:02:24,510 --> 00:02:26,580
If you're going to use something like dog, or puppy,

75
00:02:26,580 --> 00:02:29,070
or cupcake, or dog123,

76
00:02:29,070 --> 00:02:31,380
these are all short and weak passwords.

77
00:02:31,380 --> 00:02:33,000
Anything that is a standard dictionary word

78
00:02:33,000 --> 00:02:35,520
is completely bad and you should not use it.

79
00:02:35,520 --> 00:02:38,400
Anything less than eight characters is also pretty bad.

80
00:02:38,400 --> 00:02:39,870
You really want to make sure you have a nice,

81
00:02:39,870 --> 00:02:41,670
long, strong, secure password,

82
00:02:41,670 --> 00:02:43,440
and to do that, you need uppercase letters,

83
00:02:43,440 --> 00:02:45,060
lowercase letters, numbers,

84
00:02:45,060 --> 00:02:47,370
and special characters all mixed together,

85
00:02:47,370 --> 00:02:49,590
this will help increase the security of your password,

86
00:02:49,590 --> 00:02:51,900
and you want to make sure it's a long password.

87
00:02:51,900 --> 00:02:54,300
Now if you're only going to use a single-factor authentication,

88
00:02:54,300 --> 00:02:55,740
like a username and a password,

89
00:02:55,740 --> 00:02:58,560
at least make sure you're using a long, strong password.

90
00:02:58,560 --> 00:03:00,570
The reason this is that attackers know

91
00:03:00,570 --> 00:03:02,880
that they can break our passwords over time.

92
00:03:02,880 --> 00:03:04,710
There's lots of different attacks we can use,

93
00:03:04,710 --> 00:03:06,750
like a dictionary attack, a brute force attack,

94
00:03:06,750 --> 00:03:08,040
or a hybrid attack.

95
00:03:08,040 --> 00:03:09,900
Now a dictionary attack occurs when the attacker

96
00:03:09,900 --> 00:03:12,720
tries to guess the password by checking every single word

97
00:03:12,720 --> 00:03:14,490
or phrase contained within a word list,

98
00:03:14,490 --> 00:03:16,110
which we call a dictionary.

99
00:03:16,110 --> 00:03:17,310
Now an attacker's dictionary

100
00:03:17,310 --> 00:03:19,290
isn't like the dictionary you used in high school,

101
00:03:19,290 --> 00:03:21,210
it doesn't contain just real words.

102
00:03:21,210 --> 00:03:23,190
Many attacker's dictionaries contain things

103
00:03:23,190 --> 00:03:24,690
like the word password,

104
00:03:24,690 --> 00:03:25,860
but they'll also sub it out

105
00:03:25,860 --> 00:03:27,960
and have the A becoming an @ symbol

106
00:03:27,960 --> 00:03:29,610
or the S becoming a dollar sign,

107
00:03:29,610 --> 00:03:30,990
and they'll have lots of different combinations

108
00:03:30,990 --> 00:03:32,730
of these in this single dictionary.

109
00:03:32,730 --> 00:03:35,160
When the attacker tries to crack your password using a list,

110
00:03:35,160 --> 00:03:36,810
we consider it a dictionary attack

111
00:03:36,810 --> 00:03:38,190
whenever there's a list involved,

112
00:03:38,190 --> 00:03:39,930
even if they're not real words.

113
00:03:39,930 --> 00:03:42,570
So the best defense against a dictionary attack

114
00:03:42,570 --> 00:03:45,030
is to not use anything that looks like a regular word.

115
00:03:45,030 --> 00:03:47,430
Even if you start substituting in symbols for letters,

116
00:03:47,430 --> 00:03:49,080
that still looks like a regular word

117
00:03:49,080 --> 00:03:51,270
and it's probably in an attacker's dictionary.

118
00:03:51,270 --> 00:03:54,000
On the other hand, if a dictionary attack isn't successful,

119
00:03:54,000 --> 00:03:56,880
the attacker may move on and try to do a brute force attack.

120
00:03:56,880 --> 00:03:58,170
Now, with a brute force attack,

121
00:03:58,170 --> 00:04:00,240
they're going to try every possible combination

122
00:04:00,240 --> 00:04:01,920
until they figure out your password.

123
00:04:01,920 --> 00:04:04,410
For example, let's say your password was a PIN

124
00:04:04,410 --> 00:04:06,030
and it's four digits long.

125
00:04:06,030 --> 00:04:09,210
Well, the attacker could start out with 0000,

126
00:04:09,210 --> 00:04:13,140
then try 0001, then 0002,

127
00:04:13,140 --> 00:04:14,100
and they keep going up

128
00:04:14,100 --> 00:04:16,110
until they finally get your four-digit code,

129
00:04:16,110 --> 00:04:19,709
which may be something like 5246, or whatever it was.

130
00:04:19,709 --> 00:04:21,450
The thing is that with a brute force attack,

131
00:04:21,450 --> 00:04:24,060
they will always be successful, eventually,

132
00:04:24,060 --> 00:04:25,530
it's just a matter of time,

133
00:04:25,530 --> 00:04:27,420
and so the key here is to prevent them

134
00:04:27,420 --> 00:04:29,910
by creating longer and more complicated passwords.

135
00:04:29,910 --> 00:04:32,100
Because the longer, more complicated the password is,

136
00:04:32,100 --> 00:04:34,050
the longer it's going to take an attacker to guess it

137
00:04:34,050 --> 00:04:35,100
using brute force

138
00:04:35,100 --> 00:04:37,530
and going through all the possible combinations.

139
00:04:37,530 --> 00:04:39,930
For example, if you have an eight-character password,

140
00:04:39,930 --> 00:04:41,730
even if it has uppercase, lowercase,

141
00:04:41,730 --> 00:04:43,140
numbers and symbols in it,

142
00:04:43,140 --> 00:04:46,080
it will take less than a few days to crack that password

143
00:04:46,080 --> 00:04:47,730
using a decent graphics card.

144
00:04:47,730 --> 00:04:49,530
Now, if I raise that up to nine characters,

145
00:04:49,530 --> 00:04:51,540
it will take me about five days to crack it.

146
00:04:51,540 --> 00:04:53,880
With 10 characters, it becomes four months,

147
00:04:53,880 --> 00:04:55,710
11 characters, 10 years,

148
00:04:55,710 --> 00:04:58,200
and 12 characters about 200 years.

149
00:04:58,200 --> 00:05:00,360
You can see there's this exponential curve here,

150
00:05:00,360 --> 00:05:02,580
but remember, computers are always getting faster

151
00:05:02,580 --> 00:05:04,740
and better at cracking every single day.

152
00:05:04,740 --> 00:05:06,090
So all these numbers I just gave you,

153
00:05:06,090 --> 00:05:08,130
by next year, you can cut them in half,

154
00:05:08,130 --> 00:05:10,020
and the year after that, cut it in half again,

155
00:05:10,020 --> 00:05:11,850
and it'll keep going down and down and down,

156
00:05:11,850 --> 00:05:14,220
so we have to get longer and stronger passwords.

157
00:05:14,220 --> 00:05:15,420
As a good rule of thumb,

158
00:05:15,420 --> 00:05:18,120
you want your password to be at least 12 characters minimum

159
00:05:18,120 --> 00:05:19,500
for good security.

160
00:05:19,500 --> 00:05:21,270
Now the final method a hacker can use

161
00:05:21,270 --> 00:05:23,190
is what's known as a hybrid technique,

162
00:05:23,190 --> 00:05:26,220
this is a mixture of a dictionary and a brute force method.

163
00:05:26,220 --> 00:05:28,410
Now, basically, the attacker tries to gather keywords

164
00:05:28,410 --> 00:05:29,550
that would relate to your life,

165
00:05:29,550 --> 00:05:31,860
and then make their own custom dictionary list.

166
00:05:31,860 --> 00:05:33,390
For example, I might go on Facebook

167
00:05:33,390 --> 00:05:34,830
and try to find out your spouse's name,

168
00:05:34,830 --> 00:05:37,200
or your dog's name, or your favorite sports team,

169
00:05:37,200 --> 00:05:39,300
and then I put all the words related to those things

170
00:05:39,300 --> 00:05:41,100
into a custom dictionary list.

171
00:05:41,100 --> 00:05:43,860
Then my password cracking program would take that list

172
00:05:43,860 --> 00:05:46,830
and add different things to it as a form of brute force.

173
00:05:46,830 --> 00:05:48,750
For example, let's say your favorite sports team

174
00:05:48,750 --> 00:05:50,400
was the Ravens up in Baltimore.

175
00:05:50,400 --> 00:05:53,070
I might use two words as part of my dictionary list,

176
00:05:53,070 --> 00:05:54,570
Baltimore and Ravens.

177
00:05:54,570 --> 00:05:57,390
Then the program will try things like Baltimore123,

178
00:05:57,390 --> 00:05:59,490
or Ravens911, or whatever,

179
00:05:59,490 --> 00:06:01,380
and they'll substitute in symbols and numbers,

180
00:06:01,380 --> 00:06:03,750
and add things to it and make different combinations,

181
00:06:03,750 --> 00:06:05,730
trying to figure out what your password is.

182
00:06:05,730 --> 00:06:08,160
This is essentially a modified version of brute force,

183
00:06:08,160 --> 00:06:10,770
but it does speed up the time it takes to crack a password

184
00:06:10,770 --> 00:06:12,300
if I use the right keywords,

185
00:06:12,300 --> 00:06:14,040
'cause I'm giving it some sort of a starting point

186
00:06:14,040 --> 00:06:15,960
instead of picking everything out at random.

187
00:06:15,960 --> 00:06:18,180
But again, this isn't 100% effective,

188
00:06:18,180 --> 00:06:20,100
because if I choose something like Ravens

189
00:06:20,100 --> 00:06:22,080
and you didn't use that as part of your password stem,

190
00:06:22,080 --> 00:06:23,370
I'm not going to ever get there,

191
00:06:23,370 --> 00:06:25,170
because it's not a traditional brute force attack

192
00:06:25,170 --> 00:06:27,660
where I try every single possible combination.

193
00:06:27,660 --> 00:06:28,980
The next factor of authentication

194
00:06:28,980 --> 00:06:30,870
we have is known as something you have,

195
00:06:30,870 --> 00:06:32,940
also known as a possession factor.

196
00:06:32,940 --> 00:06:34,800
Now this can be something like a smart card,

197
00:06:34,800 --> 00:06:36,750
which stores a digital certificate on a card

198
00:06:36,750 --> 00:06:38,250
you have to insert into your computer,

199
00:06:38,250 --> 00:06:40,170
and then unlock it using a PIN.

200
00:06:40,170 --> 00:06:42,720
Now this means you have something you have, the card,

201
00:06:42,720 --> 00:06:44,340
and something you know, the PIN,

202
00:06:44,340 --> 00:06:46,590
so we have two factors of authentication.

203
00:06:46,590 --> 00:06:47,630
Now another thing you might use

204
00:06:47,630 --> 00:06:49,830
is something like an RSA key fob.

205
00:06:49,830 --> 00:06:51,960
Now an RSA key fob is going to change a number

206
00:06:51,960 --> 00:06:53,730
on a little device that's in your pocket

207
00:06:53,730 --> 00:06:55,590
every 30 to 60 seconds.

208
00:06:55,590 --> 00:06:57,210
Now when you go to log into your machine,

209
00:06:57,210 --> 00:06:58,890
it's going to ask for your username and password

210
00:06:58,890 --> 00:07:00,180
and a rotating PIN,

211
00:07:00,180 --> 00:07:02,970
because that PIN is provided by that key fob.

212
00:07:02,970 --> 00:07:04,380
So this means you have something you know,

213
00:07:04,380 --> 00:07:06,690
that knowledge factor, because your username and password,

214
00:07:06,690 --> 00:07:08,070
but you also have something you have,

215
00:07:08,070 --> 00:07:11,310
this key fob, by typing in that rotating PIN.

216
00:07:11,310 --> 00:07:12,960
But combining those two things together,

217
00:07:12,960 --> 00:07:15,150
I now have two-factor authentication.

218
00:07:15,150 --> 00:07:18,150
Another option we have is using something like an RFID tag.

219
00:07:18,150 --> 00:07:20,070
Now some employers have badges that you wear

220
00:07:20,070 --> 00:07:22,050
and there's an RFID tag built into it.

221
00:07:22,050 --> 00:07:23,190
To log into your system,

222
00:07:23,190 --> 00:07:24,810
you tap your badge onto the computer,

223
00:07:24,810 --> 00:07:25,860
that's something you have,

224
00:07:25,860 --> 00:07:28,410
and then you enter a PIN or a password, something you know.

225
00:07:28,410 --> 00:07:29,880
Again, this gives you a good

226
00:07:29,880 --> 00:07:31,740
two-factor authentication solution,

227
00:07:31,740 --> 00:07:33,960
something you have and something you know.

228
00:07:33,960 --> 00:07:36,390
The next factor we have is something you are,

229
00:07:36,390 --> 00:07:39,210
now this is also referred to as an inherence factor.

230
00:07:39,210 --> 00:07:41,910
Now the inherence factor is things like fingerprints,

231
00:07:41,910 --> 00:07:43,830
because only I have my fingerprints,

232
00:07:43,830 --> 00:07:46,710
or retina skin, because only I have my eyes,

233
00:07:46,710 --> 00:07:48,570
voice prints are also included in this,

234
00:07:48,570 --> 00:07:49,710
because the way I talk

235
00:07:49,710 --> 00:07:51,510
is different than the way other people talk,

236
00:07:51,510 --> 00:07:53,820
and my voiceprint is unique to me.

237
00:07:53,820 --> 00:07:56,460
Now all of these things can be used as an inherence factor

238
00:07:56,460 --> 00:07:58,050
or something you are.

239
00:07:58,050 --> 00:07:59,610
Now these are not commonly used

240
00:07:59,610 --> 00:08:01,200
like the way you see something you know,

241
00:08:01,200 --> 00:08:02,310
or something you have,

242
00:08:02,310 --> 00:08:05,040
because something you are, these inherence factors,

243
00:08:05,040 --> 00:08:07,320
are very intrusive when you're dealing with them.

244
00:08:07,320 --> 00:08:08,940
For instance, if every time I wanted to log

245
00:08:08,940 --> 00:08:11,610
into my computer, I had to put my eyeball up to a scanner,

246
00:08:11,610 --> 00:08:13,170
that's pretty intrusive,

247
00:08:13,170 --> 00:08:15,510
and I wouldn't want to log into my computer very often.

248
00:08:15,510 --> 00:08:18,330
So instead, most two-factor authentication schemes

249
00:08:18,330 --> 00:08:19,920
are going to be using something you know,

250
00:08:19,920 --> 00:08:21,330
or something you have.

251
00:08:21,330 --> 00:08:23,340
Now something you are is often going to be used

252
00:08:23,340 --> 00:08:25,140
in high-security environments,

253
00:08:25,140 --> 00:08:26,820
usually something like a door lock

254
00:08:26,820 --> 00:08:28,530
or something like that to keep people out

255
00:08:28,530 --> 00:08:30,720
of a very secure room, like a server room,

256
00:08:30,720 --> 00:08:32,700
that holds top secret information.

257
00:08:32,700 --> 00:08:35,010
Now the next factor we have is something you do,

258
00:08:35,010 --> 00:08:36,870
which is known as an action factor.

259
00:08:36,870 --> 00:08:38,520
This might be the way you sign your name,

260
00:08:38,520 --> 00:08:40,650
the way you draw a particular pattern on a screen,

261
00:08:40,650 --> 00:08:43,080
or the way you say a particular passphrase,

262
00:08:43,080 --> 00:08:45,870
all these are something you do that's unique to you.

263
00:08:45,870 --> 00:08:47,790
That action can be measured by a computer

264
00:08:47,790 --> 00:08:49,560
and used for authentication.

265
00:08:49,560 --> 00:08:52,290
Usually you don't want to use this as a single factor though,

266
00:08:52,290 --> 00:08:53,610
because it is prone to error.

267
00:08:53,610 --> 00:08:55,800
So instead you'll add it with something you know,

268
00:08:55,800 --> 00:08:57,930
and that'll give you two-factor authentication,

269
00:08:57,930 --> 00:09:00,450
because people can forge your name and the way you sign.

270
00:09:00,450 --> 00:09:02,010
But, generally, the way you press

271
00:09:02,010 --> 00:09:03,510
and the way you put pressure on certain parts

272
00:09:03,510 --> 00:09:06,030
of your signature is more unique to you.

273
00:09:06,030 --> 00:09:08,370
Our final factor is somewhere you are,

274
00:09:08,370 --> 00:09:10,500
this is known as a location factor.

275
00:09:10,500 --> 00:09:12,180
Now we do this one of two ways,

276
00:09:12,180 --> 00:09:14,730
we can either use geotagging or geofencing.

277
00:09:14,730 --> 00:09:16,050
When we deal with geotagging,

278
00:09:16,050 --> 00:09:18,150
that's going to be based off your GPS, or your phone,

279
00:09:18,150 --> 00:09:19,560
or the device you're using.

280
00:09:19,560 --> 00:09:21,720
For example, if I'm trying to log into my local server

281
00:09:21,720 --> 00:09:24,390
that uses geotagging and it's going to check my coordinates

282
00:09:24,390 --> 00:09:26,850
and my GPS and it sees that I'm sitting in Moscow

283
00:09:26,850 --> 00:09:28,500
instead of being in Puerto Rico,

284
00:09:28,500 --> 00:09:29,850
that means it's going to reject me

285
00:09:29,850 --> 00:09:31,687
because it realizes it's not Jason.

286
00:09:31,687 --> 00:09:33,990
"Jason's not in Moscow, he's sitting in Puerto Rico,

287
00:09:33,990 --> 00:09:36,480
so that person doesn't need to be on our network."

288
00:09:36,480 --> 00:09:39,630
Now the other way we can do this is by using geofencing.

289
00:09:39,630 --> 00:09:41,970
Geofencing is used more when we actually want to track

290
00:09:41,970 --> 00:09:44,280
a device and see if it's going to leave a certain area.

291
00:09:44,280 --> 00:09:45,810
And if it does leave that area,

292
00:09:45,810 --> 00:09:47,700
which is set off by GPS coordinates,

293
00:09:47,700 --> 00:09:50,130
it will then send an alert and let us know.

294
00:09:50,130 --> 00:09:51,600
So maybe we have a bunch of mobile phones

295
00:09:51,600 --> 00:09:52,830
for all of our employees,

296
00:09:52,830 --> 00:09:54,330
but we don't want them to use them

297
00:09:54,330 --> 00:09:55,890
anytime they leave our city.

298
00:09:55,890 --> 00:09:58,650
Well, we can set up GPS location coordinates

299
00:09:58,650 --> 00:10:00,150
around our city borders.

300
00:10:00,150 --> 00:10:02,220
And anytime they cross those city lines,

301
00:10:02,220 --> 00:10:03,570
it would actually send up an alert

302
00:10:03,570 --> 00:10:05,737
back to our mobile device management suite to say,

303
00:10:05,737 --> 00:10:08,880
"This person is no longer within our coverage area."

304
00:10:08,880 --> 00:10:10,860
This is basically a location factor,

305
00:10:10,860 --> 00:10:12,720
it's an additional way to provide protection,

306
00:10:12,720 --> 00:10:14,340
additional authentication in addition

307
00:10:14,340 --> 00:10:16,320
to something like a username and password,

308
00:10:16,320 --> 00:10:17,220
and make sure your devices

309
00:10:17,220 --> 00:10:19,970
are within the range of where you want them to be used.