Typically, users login by entering 2 factors – i.e. a username and a password. For a lot of web sites, the rule is to make the username an email address. I suppose that makes it easier to respond when the user loses there password. 🙁

These days, 2 factors is not enough; so a lot of web sites are going to multiple factors for logging in securely. For example, you can add a 3rd factor, which could be one of the following:

• Text message to a mobile phone
• Phone call to a telephone number
• Random numbers generated by an Authentication App
• Biometric response – e.g. a fingerprint reader

The web sites for our Churches need to be secure. So perhaps it makes sense to add multiple factors for login to your staff’s accounts. But is it appropriate to ask Church members to use Multiple Factor login? Please comment if your Church is doing that.