What is Two Factor Authentication?

Two Factor Authentication is a process in which a user provides two different types of identification from separate categories of credentials. Two factor authentication can be used for both digital security and physical security.

Usually two factor authentication will involve two of the following authentication components:

  • A physical object (e.g. card, key, USB stick)
  • A secret known to the user (e.g. password, username, PIN number etc.)
  • A physical characteristic of the user (iris, voice, fingerprint etc.)


A good example of two factor authentication that is commonly used in the physical world is a bank card. With a bank card, the card itself is the first form of identification and the PIN number (or, in the past, a signature) is the second. In theory, if you lose your bank card and someone finds it, they will not be able to get money out of it because they do not know the PIN number (although payWave has sort of made the whole PIN number irrelevant for security).

The most common form of two factor authentication used online works like this: you log in as normal with a username/email address and password combination, then the service sends a code via either an automated phone call or a text message to your phone. You then type in that code, and you have completed the two factors of authentication and can now use the service.

Some common online services that two factor authentication can be enabled on:

  • Google Account (video below about Google's two step authentication method)
  • Microsoft Account
  • Office 365 / Azure AD
  • Dropbox
  • Amazon AWS
  • Cloudflare
  • Yahoo Account
  • All good banks
  • And 1000s more

Should you enable two factor authentication?

You cannot use two factor authentication everywhere; the service that you use has to have support for some sort of extra authentication factor.

Two factor authentication adds an extra step and can be implemented in different ways that can either be easy or a major pain. This extra step and authentication method does make it harder for potential attackers to steal your account or personal information but, as with everything, it does not make services completely secure.

If somebody really wants to attack your accounts, they can still do things like steal your phone or whatever is your second form of authentication.

Overall, having two factor authentication enabled on your accounts will improve your accounts' security, but it will not make your accounts impenetrable.

I personally have two factor authentication implemented on all accounts that support it, but it's your choice whether to use it or not. Definitely, at least all important accounts that contain information that you care about (bank, email, accounting packages) should have some form of extra verification to keep this information more secure.

