Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.
2FA can be contrasted with single-factor authentication (SFA), a security process in which the user provides only one factor — typically a password. Two-factor authentication provides an additional layer of security and makes it harder for attackers to gain access to a person’s devices and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users’ data from being accessed by hackers who have stolen a password database or used phishing campaigns to obtain users’ passwords.
What are authentication factors?
The ways in which someone can be authenticated usually fall into three categories known as the factors of authentication, which include:
- Knowledge factors: Something the user knows, such as a password, PIN or shared secret.
- Possession factors: Something the user has, such as an ID card, security token or a smartphone.
- Inherence factors: Something the user is. These may be personal attributes mapped from physical characteristics, such as fingerprints, face and voice. This category also includes behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
Systems with more demanding requirements for security may use location and time as fourth and fifth factors. For example, users may be required to authenticate from specific locations, or during specific time windows. Multifactor authentication involves two or more independent credentials for more secure transactions.
Single-factor authentication and two-factor authentication
Using two factors from the same category doesn’t constitute 2FA; for example, requiring a password and a shared secret is still considered single-factor authentication, as they both belong to the same authentication factor category: knowledge. As far as SFA services go, user ID and password are not the most secure. One problem with password-based authentication is that it requires knowledge and diligence to create and remember strong passwords. Passwords require protection from many inside threats, like carelessly stored sticky notes with login credentials, old hard drives and social-engineering exploits. Passwords are also prey to external threats, such as hackers using brute-force, dictionary or rainbow table attacks.
Given enough time and resources, an attacker can usually breach password-based security systems. Passwords have remained the most common form of SFA because of their low cost, ease of implementation and familiarity. Multiple challenge-response questions can provide more security, depending on how they are implemented, and stand-alone biometric verification methods can also provide a more secure method of single-factor authentication.
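The rule that two credentials from the same category still count as one factor, together with the optional location and time restrictions mentioned earlier, can be enforced as a login policy check. The following Python is an added example, not part of the original article; the policy layout, function names and sample values are assumptions made for illustration.

```python
from datetime import time

# Authenticator types named in this article, mapped to their factor category.
FACTOR_OF = {
    "password": "knowledge", "pin": "knowledge", "shared_secret": "knowledge",
    "id_card": "possession", "security_token": "possession", "smartphone": "possession",
    "fingerprint": "inherence", "face": "inherence", "voice": "inherence",
    "keystroke_dynamics": "inherence", "gait": "inherence",
}

def distinct_factors(verified):
    """Return the set of factor categories covered by the verified authenticators.

    An unclassified authenticator type raises ValueError (fail closed), so a typo
    or a newly added method can never be silently counted as an extra factor.
    """
    categories = set()
    for kind in verified:
        if kind not in FACTOR_OF:
            raise ValueError(f"unclassified authenticator: {kind!r}")
        categories.add(FACTOR_OF[kind])
    return categories

def allow_login(verified, location, at, policy):
    """Apply a hypothetical policy: a minimum number of distinct factor
    categories, plus optional location and time-window restrictions."""
    if len(distinct_factors(verified)) < policy["min_factors"]:
        return False  # e.g. password + shared secret is still one factor
    allowed = policy.get("locations")
    if allowed is not None and location not in allowed:
        return False
    window = policy.get("window")
    if window is not None and not (window[0] <= at <= window[1]):
        return False
    return True

# Constructed sample policy: 2FA, from one site, during working hours.
POLICY = {"min_factors": 2, "locations": {"hq"}, "window": (time(8, 0), time(18, 0))}

if __name__ == "__main__":
    attempts = [  # constructed sample attempts
        (["password", "shared_secret"], "hq", time(9, 0)),
        (["password", "security_token"], "hq", time(9, 0)),
        (["password", "fingerprint"], "hq", time(22, 30)),
    ]
    for verified, location, at in attempts:
        print(verified, location, at, "->", allow_login(verified, location, at, POLICY))
```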