About Two Factor Authentication (2FA)

2FA

2FA is an approach to authentication which requires the presentation of two of the three authentication factors:

  1. A knowledge factor (“something only the user knows”),
  2. A possession factor (“something only the user has”), and
  3. An inherence factor (“something only the user is”).

2FA is nothing new. It used to be a process to secure access to a company intranet using a secure access token device. It has just been extended to being a process to secure everyone’s online service account using a One-Time Password usually involving the user’s mobile phone.

The way 2FA works

The basic idea is that to log into an account, you’d need two things to verify you are who you say you are:

  1. something you know (like a password), and
  2. something you have (like your cell phone, tied to a verified phone number).

In fact, you might already be using this process with your Net Banking account as an OTP PIN.

Example: Google’s two-step verification

Google was one of the first Internet companies which introduced a two-step verification process. To access a Google service using the two-step verification process, a user has to go through the following two stages:

  1. The first step is to log in using the username and password. This is an application of the knowledge factor.
  2. The implementation of the second step requires a mobile phone, or the Google Authenticator application, which is an application of the possession factor.

If the user opts to use a mobile phone, he/she has to register his/her phone number with Google. Later when one attempts to authenticate with username and password, Google will send via SMS a new, unique code to the phone. Receiving the SMS demonstrates that the user is genuine as he/she is in possession of the account owner’s phone number.

If the user opts to use the Google Authenticator (or another supported code generator application), he/she simply opens the application, which generates a new code every 30 seconds. This code is to be entered to complete the login process.

As a backup option in case the registered mobile phone or device running Google Authenticator is lost, stolen, or otherwise unavailable, the user can print a set of static single-use backup codes (also the knowledge factor) and store them in a safe place.

Current 2FA-enabled Services

Although consumer pressure groups such as TwoFactorAuth.org exist, whether 2FA is offered is almost entirely up to the online service providers, who implement it when there is a business case for them to do so.

For some online services such as Net Banking and Secure Messaging, implementing 2FA is an extension of consumer trust building.

Benefits Of 2FA On Online Services

2FA brings with it a layer of security as well as a level of inconvenience for the otherwise simple task of logging in to an online service. However, these days the risk of not using it to secure your online account far outweighs that inconvenience!

 
