By now, you have probably heard multiple companies referring to what is known as two-factor authentication (2FA), especially when it comes to companies whose goal is to maintain the integrity of their platforms. So what is 2FA, and why is it important?
What is 2FA?
Single-factor authentication is the thing we’re all quite familiar with. This encompasses the basic use of a username and password to secure your account. Though tried and true to some extent, advancements in cybercrime and fraud have enabled bad actors to spoof email accounts, hack email addresses to force password resets, and misrepresent themselves over the phone with relative ease. This is why 2FA has become a necessity.
Two-factor authentication is a method that goes beyond the traditional username and password. It works by adding a second layer of protection to your account or service by requiring you to provide a combination of two authenticators, such as a one-time code and an account password. Unless you provide both authenticators, you will not be able to establish your identity and receive access to the account or service.
Types of 2FA
Two-factor authentication is one of the best and simplest ways to keep your online accounts secure. Most websites and platforms support 2FA, but there are differences in how the one-time codes can be generated and sent to you. The most common methods include authenticator apps, SMS or email. The differentiating factor is the unique security token. A token can be an item or a card that displays a one-time passcode or contains security information about a user that can be verified by the system.
With app-based 2FA, the login process consists of a user being prompted to log in to their account with a username and password, then the system maps that information to a security token, which is something unique to the user like their registered device. This token triggers a second login process by generating a single-use code that will be visible in an authenticator app, which typically expires in less than 30 seconds. Upon entering this information, the user gains access to their account or service.
Which method is better?
It’s simple. Authenticator apps and SMS are faster and innately safer, thus serving as a better mitigating factor against fraud. Email is a fairly secure method for login credential delivery, however, email addresses can be at higher risk due to the fact they are most commonly used to communicate outside of secure networks and aren’t tied to a uniquely identifiable device.
Although SMS is easy to use and provides more protection compared to email delivery, it is not the most secure choice. Due to the popularity of SMS, it has attracted the attention of hackers who have come up with new ways to subvert it, such as spoofing, SIM swapping, and rerouting services. Also, SMS text authentication is usually valid for 30 minutes or more, which gives hackers more than enough time to use the code to their advantage.
On the contrary, authenticator apps are tied directly to your physical device, codes are not delivered over the mobile network, and they expire quickly, which makes it more difficult for hackers to intercept a code. While many web services are slow to adopt authenticator apps, and there are still some risks, we recommend our clients use app-based 2FA whenever possible. For those seeking app-based authentication, we recommend using Google Authenticator, Microsoft Mobile Phone Authenticator, or Duo Mobile.
For more information on how to set up or modify your 2FA settings, we encourage you to visit our help center and follow the steps in our user guide.
By Ade Shemsu in Digital Security