With 2-factor authentication, an extra layer of security is added to a user's account to prevent someone from logging in, even if they have the correct password. This extra security measure requires users to verify their identity using a randomized code sent each time they attempt to log in.
Before jumping into the question "what is two-factor authentication?", let's consider why it's important to improve your online account security.
With so much of our lives happening on mobile devices and laptops, it’s not a surprise that our digital accounts have become a magnet for criminals. Malicious attacks against governments, companies, and individuals seem to be more common. And there are no signs that the hacks, data breaches, and other forms of cybercrime are slowing down!
Luckily, using two-factor authentication (also referred to as 2FA) enables businesses to add an extra level of protection to user accounts.
What is Two-factor authentication?
Two-factor authentication (2FA) is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user's credentials and their resources.
This security process provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor, typically a password or passcode.
Two-factor authentication methods rely on a user providing a password, as well as a second factor - for example a security token or a biometric factor, such as a fingerprint or facial scan.
Extra Layer of Security
2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are.
First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:
Something you know: A personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
Something you are: This category is a little more advanced, and might include a biometric pattern of a fingerprint, an iris scan, or a voiceprint
With 2FA, a potential compromise of just one of these factors will not enable access to the account. This means that even if your password is stolen or your phone is lost, it is highly unlikely that someone else also has your second-factor information.
Common Types of 2FA
While there can be different forms of 2FA methods, here are the most common:
Hardware tokens produce a new numeric code every 30 seconds. They are probably the oldest form of 2FA, often in the form of key fobs.
When trying to access an account, users must glance at the device and enter the displayed 2FA code back into the application. Other versions of hardware tokens automatically transfer the 2FA code when plugged into a computer’s USB port.
Text-Messages or SMS
SMS-based 2FA interacts directly with a user’s phone.
After receiving a correct username and password, the site sends the user a unique one-time passcode (OTP) via text message.
Similar to the hardware token process, the user must then enter the OTP back into the application before getting access.
Software Tokens for 2FA
The most popular form of two-factor authentication uses a software-generated, time-based one-time passcode, also called TOTP or “soft-token”. Soft-tokens are the preferred alternative to SMS and voice 2FA.
When using soft-tokens, users must first download and install a free 2FA app on their smartphone or desktop. Users can then use the app with any site that supports this type of authentication.
At sign-in, the user first enters a username and password, and then, when prompted, they enter the code shown on the app. Like hardware tokens, the soft-token is typically valid for less than a minute. And because the code is generated and displayed on the same device, soft-tokens remove the chance of a hacker intercepting the code in transit.
Apple iOS, Google Android, and Windows 10 all have apps that support 2FA, enabling the phone itself to serve as the physical device to satisfy the possession factor.
Should you use 2 Factor Authentication?
Absolutely! Everybody should use a 2FA security process to access and protect their accounts.
Passwords on their own are not as flawless as we need them to be. Today, cyber attackers have the power to test billions of password combinations in seconds. What’s even worse, 65% of people use the same password everywhere.
Recent studies conducted by Verizon show that stolen, reused, and weak passwords remain the leading cause of security breaches. Unfortunately, passwords are still the main (or only) way many applications protect their users and their accounts.
The good news is that cybercrime is a hot topic in the tech media, so much so that 2FA awareness is quickly growing and users are demanding that applications have improved security methods.
This is where two-factor authentication comes into play. 2FA offers you an extra layer of protection. While using this type of protection, it is hard for cybercriminals to get the second authentication factor; this drastically reduces their chances to succeed.
About CITE Technology
We provide comprehensive IT solutions for small and mid-sized organizations with complex needs, offering 24/7 Tech Support, Remote Support and Cloud Storage. We specialize in data management, medical imaging, HL7 interfacing, and HIPAA compliance.