TWO-FACTOR AUTHENTICATION
Data Privacy & Security
March 16, 2021
![](https://i0.wp.com/cynthiawelinga.com/wp-content/uploads/2021/03/2fa.jpg?fit=500%2C500&ssl=1)
Two-factor authentication (2FA), a form of multi-factor authentication (MFA), is a multi-layered protection framework that verifies the identity of a user at login or for other transactions.
A few examples of 2FA are codes created by mobile apps, answers to personal security questions, codes sent to an email address, or fingerprints.
Two-Factor Authentication, or 2FA, adds another level of authentication to the login process.
First, a user will enter their username and a password in the site/app they are trying to log into. Then, instead of immediately gaining access, they will be required to provide another piece of information.
TYPES OF 2FA
Key Fobs/Peripherals/Hardware Tokens for 2FA: These produce a new numeric code every 30 seconds. When a user tries to access an account, they check the device and enter the 2FA code into the site or app.
Smartphone Solutions (Text-Message & Voice-based 2FA): These interact directly with a user’s phone. After receiving a username and password, the site sends the user a unique one-time passcode (OTP) via text message. The user must then enter the OTP into the application before getting access. Similarly, voice-based 2FA automatically dials the user and verbally delivers the 2FA code.
Software Tokens for 2FA: These use a software-generated, time-based one-time passcode (TOTP, also called a “soft token”). A user must download and install a free 2FA app on their device and can then use the app with any site that supports this type of authentication. At sign-in, the user first enters a username and password and then, when prompted, enters the code shown in the app. A soft token is typically valid for less than a minute. Because the code is generated and displayed on the same device rather than sent over a network, soft tokens remove the chance of a hacker intercepting the code in transit.
Push Notification for 2FA: Websites and apps can now send the user a push notification that an authentication attempt is taking place. The device owner simply views the details and can approve or deny access with a single touch. It’s passwordless authentication with no codes to enter, and no additional interaction required.
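To make the soft-token mechanism described above concrete, here is an added example (not code from the original post) of how a TOTP code is derived and checked, following RFC 4226 (HOTP) and RFC 6238 (TOTP). The shared secret is the published RFC test key and is a constructed demo value; the `TotpVerifier` class, its `window` parameter and the replay check are my own assumptions about how a server-side check would be organised, not something the post describes.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the ASCII test key from RFC 4226 / RFC 6238,
# base32-encoded the way authenticator apps usually receive it from a QR code.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamically
    truncated to a 31-bit integer and reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the number of `step`-second
    intervals since the Unix epoch, so the code changes every `step` seconds."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, at_time // step, digits)


def seconds_remaining(at_time: int, step: int = 30) -> int:
    """How long the code shown at `at_time` stays current (always < step)."""
    return step - (at_time % step)


def matching_counter(secret_b32, code, at_time, step=30, digits=6, window=1):
    """Return the time-step counter whose code equals `code`, searching
    `window` steps either side of the server clock to tolerate clock drift,
    or None if nothing matches. The comparison is constant-time."""
    secret = base64.b32decode(secret_b32, casefold=True)
    base = at_time // step
    for counter in range(base - window, base + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


class TotpVerifier:
    """Server-side check (assumed design): accept a code inside the drift
    window and never accept the same time step twice, so a code that was
    captured and replayed is rejected even while it is still current."""

    def __init__(self, secret_b32, step=30, digits=6, window=1):
        self.secret_b32 = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest counter already accepted

    def verify(self, code: str, at_time: int) -> bool:
        counter = matching_counter(self.secret_b32, code, at_time,
                                   self.step, self.digits, self.window)
        if counter is None or counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True


if __name__ == "__main__":
    now = int(time.time())
    code = totp(DEMO_SECRET_B32, now)
    print(f"current code {code}, valid for another {seconds_remaining(now)}s")
    v = TotpVerifier(DEMO_SECRET_B32)
    print("first use accepted:", v.verify(code, now))
    print("replay accepted:", v.verify(code, now))
```

Two points worth noticing: the phone never transmits anything, it only needs the shared secret and a roughly correct clock, which is why the code cannot be intercepted on the way to the user; and a code is only "valid for less than a minute" because the verifier accepts a small window of time steps, so the server side should also remember the last step it accepted rather than trusting the time alone.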
HOW 2FA PROTECTS YOUR ACCOUNT
Two-factor authentication (and any similar two-step authentication) means you need another piece of information besides your password and email address. In most consumer apps, it’s either an SMS code sent to your phone or a code generated by a dedicated authenticator app.
When you are setting up 2FA, you are asked to prove that you are the owner of your phone and the associated cell number. This proof gives you the authorization to generate and receive codes. Someone would need access to your phone as well as your email address and password to be able to log in. 2FA codes are sometimes sent via email as well, in which case you will need access to that mailbox to get into your account.
For most services and accounts, this extra code isn’t required every single time you open the app or site, as that would get tedious very quickly. Instead, 2FA jumps into action when you try to log in from a new device or location that you haven’t used before or haven’t accessed in a long time, such as a new phone or a laptop that hasn’t been associated with your account in the past.
An authenticator app is one of the best 2FA options, as there’s no way for shady characters to intercept the codes without physical access to your phone. That interception risk does exist with SMS and email 2FA.
You have a choice of apps, and the best support the most popular services: Authy is just about the best in the business, while Google and Microsoft offer very competent apps too. Some popular password management apps include an authenticator app, including Dashlane and LastPass.
We’re seeing a growing use of biometric information like a fingerprint or a face as that second authentication step, which should make two-factor authentication even more secure and convenient in the future.
Adding 2FA is a quick and simple process most of the time, and there’s really no excuse not to set it up if you have the option. It should be used as part of overall good security hygiene, not as the only option.
AUTHENTICATION FACTORS
There are several different kinds of factor that can be combined to authenticate someone using more than one authentication method.
Knowledge factor: Something the user knows, such as a password or a PIN (personal identification number).
Possession factor: Something the user has, such as an ID card, a security token, a cellphone, a mobile device, or a smartphone app, used to approve authentication requests.
Inherence factor (also known as the biometric factor): Something inherent in the user’s physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader. Other commonly used inherence factors include facial and voice recognition. They may also include behavioral biometrics, such as keystroke dynamics, gait, or speech patterns.
Location factor: The location from which an authentication attempt is being made. It can be enforced by limiting authentication attempts to specific devices in a particular location or, more commonly, by tracking the geographic source of an authentication attempt based on the source Internet Protocol (IP) address or other geolocation information, such as Global Positioning System (GPS) data from the user’s mobile phone or another device.
Time factor: Restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside of that window.
DOWNSIDES OF 2FA
MFA has many problems, not least the fact that it can often be easily hacked through something as simple as a regular phishing email.
Phone- and SMS-based 2FA solutions are all the rage now, and they are being hacked.
2FA helps protect data and improve the internal security measures of a company. Cybersecurity risks come as a result of poor password hygiene by end users.
Key Fobs/Peripherals/Hardware Tokens for 2FA are costly for a business, and users find that their small size makes them easy to lose or misplace. Even then, they are not entirely safe from being hacked.
Smartphone Solutions (Text-Message & Voice-based 2FA) may be appropriate for low-risk online activity. However, for websites that store your personal information, such as utility companies, banks, or email accounts, this level of 2FA may not be secure enough. In fact, SMS is considered the least secure way to authenticate users. As such, most companies are upgrading their security by moving beyond SMS-based 2FA.