Security 101 – What is Two Factor Authentication

Two factor authentication (2FA) adds a second layer of authentication to user accounts. Passwords have been the traditional first layer of authentication and 2FA adds additional security.

Rise in cyber crime shows that passwords are not enough

The online world continues to grow in size and complexity. We have more online accounts to manage, and we are sharing personal data in more places than ever. According to a Dashlane study, the average American had 150 online accounts in 2017, a number expected to grow to 300 in 2022. To make matters worse, bad actors are more active than ever in trying to steal that data. It is very important to use strong passwords and change them often. However, most people do not follow these practices and do not have the time to set and change passwords frequently.

In short, we cannot rely on passwords alone. Enter 2FA.

A second level of authentication

2FA adds a second layer of authentication to fortify the first level which has been found to be inadequate.

  • Level 1 – users need to provide their credentials in the form of their username and password
  • Level 2 – once the user gets authenticated in the first level, they will be challenged to provide another form of authentication.
2FA adds a second level of authentication in addition to passwords

What are the additional factors for authentication

2FA makes it difficult for an unauthorized person to supply the additional factor for authentication. The second level is based on:

  • A person’s knowledge of something – a PIN number or an answer to a secret question
  • A person’s possession of something – a token displayed on a hardware fob or an OTP

Different types of 2FA

Security Questions: Various websites require users to select security questions and provide answers, which they must later supply for authentication. We are quite familiar with security questions like your favorite cousin or first car. These are mostly used during a request to reset a password or change some personal data.

PIN Code: Many accounts provide users with a PIN code. Banks typically provide a PIN for use during ATM transactions but these are also used as a second level of authentication for various transactions.

Hardware token: Hardware tokens have been used by companies to provide access to employee laptops. The token can be a small device that displays a number the user must enter when logging in to their laptop. These numbers are time based and keep changing.

One time password (OTP): A software version of the hardware token is the OTP. Various 2FA providers provide an app which displays a numeric token when a user tries to log in to their account. Like their hardware counterpart, these are also time based and keep changing.

SMS or voice message: The user receives an SMS or voice message containing a code which they will need to provide as the second level of authentication.

Push message: Instead of a code, a push message is sent to the user’s phone that an attempt is being made to access a particular account. The user can approve or deny that access request.

Biometric methods: Fingerprint and retina scans are a newer, more advanced level of 2FA based on physical characteristics that are unique to each person.

Are all 2FA methods secure?

Not all forms of 2FA provide the same level of security. SMS messages with a numeric code are susceptible to hacking. OTP has gained in popularity as the codes can be generated on the same device that is being used for access.

What is multi-factor authentication?

As cyber criminals get more sophisticated, two factors are increasingly becoming inadequate in protecting more sensitive data. As we see above, not all 2FA methods are created equal. Additional factors are being used for multi-factor authentication:

  • A person’s physical characteristics – fingerprints or retina scan
  • A person’s location – a user’s account cannot be accessed simultaneously from different physical locations

Popular 2FA apps

  • Google Authenticator
  • Microsoft Authenticator
  • LastPass
  • OneLogin Protect
  • Authy by Twilio
  • Duo Mobile
