Something you know / something you own / something you are

Passwords alone are not enough to protect your online accounts. Most people have weak, easy-to-guess passwords that can be cracked in less than a minute. Once a hacker has gained access to your online account, they can change the password and lock you out. Your password could also be caught in a data breach and sold to criminals, who then use it to gain access to your account.

This is why you need a second authentication method to protect your online accounts: if your password is compromised, the hacker would still need the second method to gain access to the account.

Two-factor authentication (2FA)

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.

Two-factor authentication provides a higher level of security than single-factor authentication (SFA), in which the user provides only one factor, typically a password or passcode. Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor, usually either a security token or a biometric factor such as a fingerprint or facial scan.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts because, even if the victim’s password is hacked, a password alone is not enough to pass the authentication check.

Three types of authentication:

  • A knowledge factor is something the user knows, such as a password, a personal identification number (PIN) or some other type of shared secret.

  • A possession factor is something the user has, such as an ID card, a security token, a mobile phone, or a smartphone app, to approve authentication requests.

  • A biometric factor, also known as an inherence factor, is something inherent in the user’s physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints or a face scan.

How does it work:

  • The user is prompted to log in by the application or the website.

  • The user enters what they know — usually, username and password. Then, the site’s server finds a match and recognizes the user.

  • The site then prompts the user to initiate the second login step. Although this step can take a number of forms, the user has to prove that they have something only they would have, such as biometrics, a security token, an ID card, a smartphone or other mobile device. This is the inherence or possession factor.

  • Then, the user may have to enter a one-time code that was generated during step four.

  • After providing both factors, the user is authenticated and granted access to the application or website.

What is the best authentication method?

The most common 2FA method is sending a code via SMS (text message) that you enter into the authentication request on the online account. Although this is the most common way, it is not the most secure method, due to SIM swapping and other methods of stealing the code.

The safer method would be to use an authenticator app on your phone to produce the authentication code. The authenticator app is encrypted and a much harder target for hackers trying to gain access to the code. I recommend using the Aegis app, as it is an open-source and trustworthy authenticator app.

Aegis app

2FA Tokens

An authentication token is a hardware device used to authenticate you when accessing your online accounts. It is one of the safest and most secure ways of generating the authentication codes. It is close to impossible for criminals to gain access to the codes generated by an authentication token.

The most popular authentication token on the market is the YubiKey. This is a USB device that you plug into a USB port on your computer, and it will produce the authentication codes. There are many different types of YubiKey, so you can use them on all computer devices, even on your smartphone.

Authentication tokens are the best and most secure method for producing authentication codes. For more information, check out YubiKey’s website (yubico.com).

Yubikey
