What is two-factor authentication (2FA)?
2FA is an added layer of protection for your online account access. It still requires a password as usual, but before gaining access to your account you will also be required to provide a 2nd piece of information. This 2nd piece of information, hence the "two-factor", can come from a number of different categories depending on the authentication method.
- Something you know: This could be a PIN number or answers to “secret questions” that only you should know.
- Something you have: This is typically something that you would have in your possession, for example a smartphone or hardware token. In the case of the smartphone, you may receive a text with a PIN code that you then have to enter before gaining access to your account. Hardware tokens generate unique codes to enter each time you log in.
- Something specific to you: This is the more advanced option and may include biometric information like fingerprints, iris scans or a voice print.
There are a number of methods to accomplish 2FA in use today.
- Hardware Tokens: Oldest form of 2FA. Requires a small device like a key fob or USB thumb drive. Can be costly for businesses. Size of the device makes it prone to loss. Devices can be hacked.
- SMS Text Message or Voice-based 2FA: Requires the user to have a mobile phone available. The site will text or call the user with a unique one-time passcode (OTP) to be used for login. This is probably the least secure option.
- Software Tokens: The most popular form of 2FA. It is also a preferred alternative to SMS and voice. Uses an app on either the smartphone or desktop/laptop computer. At sign-in, the user enters the user ID and password and then, when prompted, the time-based one-time passcode (TOTP) generated by the app. The app generates the code and displays it, making it a more secure method and less prone to hacking.
- Push Notifications: Push notifications simply notify the owner of the account that an authentication attempt is taking place. The owner views the details on their device and can approve or deny access with a single touch. This is the most user-friendly method of 2FA, but it does require an internet-connected device that accepts apps.
- Biometric 2FA: This method treats you as the token. It verifies the user by fingerprint, retina patterns and/or facial recognition. It is the newest method and is quickly gaining adoption, but may not be readily available.
To find out if the services you use offer 2FA, you can go to the following website: https://twofactorauth.org/
In part 3 of this series I will take a look at why organizations are failing at password security.
To learn more about 2FA and protecting your business credentials look to IT professionals that understand cyber security and have the tools and know-how to help keep your business secure.